These days most client data is maintained in electronic form, not on paper But your ethical obligation to keep it safe and confidential – whether it’s stored in the cloud or in a file cabinet – remains the same. And though electronic information has many advantages, there are risks as well: intentional breach, accidental loss and inadvertent disclosure.
Stay Vigilant, Stay Safe
It’s easy to be slack about cyber safety. Unlike paper documents – which we can hide in file drawers and store in locked rooms – we can’t touch electronic data. When we turn off our computers, we can’t even see it. Because this information is intangible and invisible, it makes a juicy target for wrongdoers. They can steal it or gain access to it, and we may never know.
Cybersecurity starts with education and ends with reliable systems run by a trained staff.
Alta Pro Practice Pointers
- Develop a culture of cybersecurity. Make this a priority. Don’t delegate cyber safety to IT staff. Walk the walk. At staff meetings, talk about office vulnerabilities and ways to shore them up. Bring in an expert for a cyber training session. Have the whole office attend a seminar on cybersecurity.
- Create protocols for data management. Include a section in your Office Policy Manual on cyber safety. Develop checklists for receiving, storing and transferring data. Discuss how the ethical duty of confidentiality applies to cyber information.
- Follow best practices for cybersecurity. Install firewalls and antivirus programs. Have secure passwords. Use two-factor authentication. Encrypt sensitive data. Keep software current with systems patches and updates. Develop a policy on using laptops and devices out of the office.
- Be careful with email. Screen incoming messages. Confirm the sender’s identity if there is any doubt. Have a protocol for opening email attachments, clicking on links and downloading outside documents. Be alert for scams.
- Double-check the recipient’s address. Are you sending it to the right place? Avoid “reply to all” mishaps. Make sure you attach the right files. If it’s going to a non-client, make sure the content is appropriate and doesn’t divulge confidences.
- Keep client information secure. Physical files should be locked away, not piled on desks and scattered around the office.
- Choose a cloud service with care. Does your state bar have any requirements for selecting a cloud vendor? If not, vet vendors yourself. Go with reliable services that are widely used and monitored, such as Box, Dropbox and Google Drive.
- Have a disaster preparedness plan. Laptops, desktops and case management systems should be backed up and easily recoverable in case of an emergency. Test your back-up system periodically.
- Know what to do if your laptop or phone is lost or stolen. Consider using an application that will remotely delete data on missing devices. Some apps are even triggered to erase data if your device is accessed without authorization.
The Bottom Line: A key to cybersecurity is creating a law firm culture that always looks for common threats and common-sense solutions.