Law firms are hugely accountable when it comes to keeping data protected and safe. Given that they need to keep all files for at least 6 years after a case is closed, one single firm can be storing an extraordinary amount of data at any one time.
The Information Security Breaches Survey 2015 report, carried out by PwC, found that 90% of large organisations and 74% of small organisations had experienced a security breach.
Here, we look at an action plan for how you can keep your law firm’s data safe, reassure your clients, and give them a reason to choose you over another organisation.
Action plan to protect data
Whether you use your in-house IT support team or employ outside services such as DPS Software, there are certain aspects of cybersecurity that must be addressed:
- Boundary firewalls and internet gateways – these are devices designed to prevent unauthorised access to or from private networks, but the correct setup of these devices (either in hardware or software form) is important for them to be fully effective.
- Secure configuration – systems must be configured in the most secure way for the needs of the organisation.
- Access control – carefully control access so that only those who should be accessing the systems can. There should be different levels of access for different members of the team.
- Malware protection – antivirus and malware protection must be installed and kept up to date.
- Patch management – the latest supported version of applications should be used and all the necessary patches supplied by the vendor applied.
- Two-factor authentication – this is an extra layer of security that only allows access once a password and time-limited code have been entered. The code is sent to a specified device.
- Policies and procedures – clear policies and procedures should be communicated to all employees and adhered to.
- Internal audits – regularly check to see if the correct level of security is in place and that policies and procedures are being followed.
- Physical security – part of cybersecurity is ensuring that only authorised people can gain access to the physical office, filing cabinets and certain areas of the building.
What employees need to do
It’s not all about IT support, though. The PwC report states that 50% of the worst security breaches were caused by human error.
Therefore, it is imperative to take your staff through training at least once a year to ensure they are up to date on what they should be doing to prevent cyber attacks. Topics covered should include:
- The latest types of cyber attacks and how to spot them – attackers are extremely intelligent and regularly change the way they try to infiltrate a business.
- Regular software updates – latest versions have built-in safeguards to protect against the latest digital attacks.
- Passwords – these should be changed every couple of months and must contain at least eight characters, including uppercase, lowercase, numbers and special characters. They must not be a word you can find in a dictionary.
- Encryption – this must be used to render the content of communications and files – whether emails, PDFs, Word documents or other – illegible without a password.
- Screen locking – internal staff can be a threat. As such, each time an employee leaves their desk, their screen should be locked.
- A clear desk policy – risks on a messy desk include: notes with passwords on, memos to colleagues that contain confidential information, piles of paperwork where a single missing sheet wouldn’t be noticed, a mobile phone that could be stolen, and drinks that can be spilt on hardware.
How DPS Software can help
DPS Software can help as much or as little as you want with ensuring the correct levels of security for your law firm. Our expert team can work alongside your in-house IT department, or we can become your outsourced IT support, carrying out detailed audits and providing the correct software to ensure maximum security.
With solutions such as DPS Cloud, DPS Outlook Office and DPS Spitfire, we can protect your organisation whether your employees are on-site or working remotely. What’s more, meeting security requirements and remaining compliant with the best solutions comes with the added bonus of reducing costs and increasing efficiency at the same time.
Our friendly team is always happy to discuss your needs and potential options. Contact us today.