Mary Ellen Kelleher is Smokeball’s Product Manager in Chicago. She ensures Smokeball’s products are safe and easy to use for all its small firm clients.
With high profile data breaches affecting everyday consumer brands, you may find yourself asking if your law firm’s data is secure. Outside of the ethical responsibilities outlined by the ABA, at the end of the day a breach could radically impact your firm’s success. In order to protect your business, you need to make sure that your files are protected against hackers and phishing scams. While the concept of “cloud” storage evokes thoughts of data floating in the undefined ether, the cloud can be your closest ally in protecting your firm.
So what are the ethical requirements when it comes to data protection and technology generally? The ABA has issued guidance through Model Rule 1.1, and additional guidance comes from the ABA Standing Committee on Ethics and Professional Responsibility through Formal Opinion 477R. Lawyers are expected to make reasonable efforts to protect client data, which includes requirements for Continuing Legal Education centered around tech. Additionally, many state bars have implemented specific technology learning requirements. While CLEs can help expand your knowledge of cyber security, inevitably hackers will know more. What can you do?
- Hackers vs. The Cloud
The first consideration when strengthening your data security is protection from hackers by making sure that your method of file storage is secure. Necessarily, law firms generally have a large quantity of files, which are stored on either an internal server or via the cloud. Without proper security measures in place, you are putting your firm at risk for ransomware and security leaks.
First, let’s dive into purchasing an internal server. This has been the standard practice for small law firms in the past but has started to change as firms come to realize that buying and maintaining a server is not only risky, but also expensive. Upfront costs can start at $3,000, and the server will require maintenance and security upgrades over the years, with replacement advised every 5 years. Additionally, without a backup at another geographical location, failure is a real possibility. Your data lives in one single vulnerable place. And while you may trust your lock and key to your office, data security is much more complex than being able to keep an eye on a tangible server in your office. Additionally, servers come with other difficult considerations. As an attorney, you’re tasked with assessing the credentials of the IT firm you’re working with, when you may need a security update and whether or not the package being offered to your firm is the right one. Luckily, law schools across the country cover IT security comprehensively in your third year, so you know how to assess which IT firm to contract with and which package to purchase – right? Of course not! There is a reason that businesses across the country have begun to outsource the management of their data to the largest cloud providers. Those companies have the time and resources to protect data as their one and only job.
So what is “the cloud”? The cloud is a network of servers maintained by the provider that can be accessed through the internet. So, instead of one server in your office, your data is duplicated and housed on many servers in various geographical locations. When you leverage the right cloud storage provider, you are backed by billions of dollars invested in security with some of the brightest technical minds protecting your data. There is a reason why massive companies like Intuit, Capital One, Netflix, and others we rely on every day have chosen to outsource security and data management to the biggest cloud storage firms.
Smokeball leverages this powerful and protected storage as well! Smokeball leverages the security and power of Amazon Web Services to offer unlimited storage for our clients, ensuring that your security and storage headaches can go away. You don’t have to pay for a server and unlike other cloud providers, Smokeball offers the ability to work offline. Remember, too, that Smokeball provides document automation, 200+ unique area of law layouts, unlimited storage, automatic time & activity tracking, and many more productivity tools. It’s the whole secure package.
- Data Protection Beyond Storage
Even if you’ve securely stored your documents and data in the cloud, you still need to be vigilant for human error. Outside of making sure that that data is secure from hackers, there is also the responsibility to make sure that staff is sufficiently trained to avoid inadvertently sharing secure client information with bad actors. Everyone with access to data at the firm should understand how to recognize common phishing scams by checking the sender, watching out for typos, and watching out for any email that seems off. The most common scams pose as a known entity, and include a link or attachment asking you to login to your account or open an attachment.
Here is an example of a phishing scam sent to many Smokeball employees, who have been trained to recognize these types of scams. The first employee to receive it notified other employees that if they received it to delete, thus making sure anyone who wasn’t paying attention would be on the lookout as well. This particular scammer posed as Chase Bank, and tried to get the user to click on the link. If they clicked, they could be tricked into providing their Chase login details to the attacker, or even worse, accidentally installing a keystroke logger which would reveal even more than the Chase login.
While an attack may seem unlikely, if it does happen, all of your files could be gone overnight. It’s essential to take extra training precautions to protect your business from wrongdoing. If you want to learn more about how Smokeball can help you to secure your law firm, call us at (855) 668-3206. We exist to keep your law firm safe and productive.