It goes without saying, data security is a BIG issue right now (for law firms as much as any other business).
At Smokeball we regularly field questions like “How secure is the cloud?”, “What’s the safest way to back up my documents?” and “How do I stop my email from being hacked?”. These questions are the result of a few misconceptions about data security and cloud software floating around (excuse the pun). To help clear up some of the confusion, below are four basic principles that all small law firms should consider when it comes to protecting data.
Here’s What Your Law Firm Should Know about Data Security
1. Using strong passwords is important (including on your mobile devices)
You know how when you are asked to create a new password there’ll sometimes be a strength indicator? It’s there for a reason. A strong password greatly reduces susceptibility to online breaches. Here are some tips for creating a strong, memorable password, and there are tools out there to test the strength of your current passwords. For additional protection, change your passwords regularly and avoid using the same password for everything. If your cell phone contains client data (if you use email on it, then it almost certainly does), using a PIN code is an absolute must.
2. Cloud storage is almost certainly safer than your local storage
Most cloud companies provide a high-level of encryption on the data they store, although it’s always worthwhile checking their security policies. Smokeball automatically backs up your data (including emails) and uses bank-grade security and encryption. If you are making data back ups to local devices; external hard drives, laptops or USB sticks, then you’ll need to set up your own encryption for these devices. If you don’t, your data is at risk. This is one of the key benefits of using cloud-based matter management. Your data is safe and you don’t have to worry about backing your files up on local hardware (which could be lost or stolen).
3. Giving password access to multiple people is the number one way to put your data at risk.
It seems obvious, but you should avoid giving anyone access to sensitive data unless they can be held to account. This includes friends, family and colleagues. If you need to terminate an employee, make sure you completely remove their access to your firm’s data.
4. Being prepared = avoiding disaster
It’s not the most enjoyable thing to think about, but you need to have a plan in place if things go really wrong. I’m talking natural disasters, office building fires, rogue employees or hardware meltdowns. Using the cloud to store and encrypt your client data means that on the off chance something does happen to your office, you are safe in the knowledge that your data is backed up externally (and safely).