By Craig Petronella, CEO Petronella Technology Group Inc.
When a law firm is moving from in-house data storage to the cloud, it should start with a security risk assessment.
This is similar to what you did when you set up your computer system. In the cloud, your cybersecurity needs to be configured from the ground up inside the provider’s dashboards. While you can re-purpose your existing security software, different types of security, policies, and procedures may be needed. Based on the cloud provider you select, there should be different risk assessments to verify the security protocols, policies and procedures of those whom your firm works with.
For smaller law firms using cloud solutions like Office 365, for example, in addition to a platform they need to have their cloud settings configured properly so there are no gaps creating vulnerabilities. They need to do penetration assessments. Firms that allow mobile devices access to their systems need to be configured properly and set up for encryption.
Want to attend a free CLE webinar on “Top 10 Things to Prevent a Data Breach?” It’s just one of the many benefits of membership in the Alta Pro Lawyers RPG. Find out how to join here.
Big Hosts Don’t Always Mean Big Security
There is a common misconception that if you are hosting with Microsoft or Amazon or one of the other big providers, all your troubles will go away. That’s not exactly true.
Two law firms recently had their trust accounts hijacked through wire fraud. The users were tricked with a phishing e-mail, then their settings were misconfigured. The settings could have been hardened to make it tougher for the hackers to get in.
Using the cybersecurity that comes with the cloud storage software without any upgrades puts your system at very high risk of exposure. See the most recent news postings on default router and IoT device settings. The defaults don’t cut it.
Why You Need an Expert
Cybersecurity is not “one size fits all,” but you can do some things to heighten the security of your platforms that are public. If you read the terms and conditions of Microsoft and Amazon, they are not responsible for how you configure your controls. They give you the platform, but you still need to know what you are doing. You need to have an expert configure it all, assess the security assessment on those platforms. Plus you need checks and balances.
A freelancer who handles your IT may be an excellent resource for support or general helpdesk support, but not cybersecurity.
A cybersecurity expert can help you through the maze of what your law firm specifically needs to do, analyze what technology you are using, what software packages you are using, what vendors you are using. It’s like the doctor analogy, if you have cancer you would not treat yourself for it.
The cost for analysis can range widely. An expert could tell you what needs to be fixed and provide options on other types of assessments and remediation. It’s like going to your GP to get initial tests done and a first diagnosis. Then the GP sends you to a specialist
Training is Essential
Many cybersecurity breaches are the result of human error when established procedures are not followed. Training your staff should always be an essential element of your cybersecurity system. When you move to the cloud, you will need to train your team on any new protocols. This is also an opportunity to reinforce security procedures you already have in place.
Want a Pro Practice Partner that’s available 24/7? Join the Alta Pro Lawyers RPG for tech tools and risk management resources. Learn more here.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, which specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of the Amazon bestsellers “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721