Anyone who has lost data in the past is much more aware of protecting data today. Data loss can be as simple as losing a document (that you worked on for hours), or as catastrophic as losing all of your data due to a hard drive or server crash. Any type of loss can be devastating for your practice, your firm or your wallet.
In an ode to David Letterman’s Top Ten, I am providing a short, efficient list to help protect your data today. These are not things that your IT person needs to do, but things that you or your firm can do today:
Maintain Physical Security – The easiest way to protect your data is to physically secure it. Lock your server room door, and lock your server doors (yes, they have locks). Secure your laptops to the desk or (at least) to the docking station, and be sure to keep printers and fax machines out of high traffic areas where office visitors can easily take paperwork that is waiting for someone to pick it up. And don’t let your guard down when you leave the office; make sure you lock your car if you keep your laptop, iPad, or phone inside.
Use Virtual Security – The next best thing to a physical lock is a virtual lock. Screen protect your smart phone and iPad now. It is easy and simple to do and you will be thankful for it when your iPhone ends up in a taxi cab’s back seat in New York or Atlanta. Also be sure to enable the Find My iPad/iPhone app so that you can find where you left it. Invest in encryption software for an extra layer of protection. (See instructions for password protecting your iDevice here.)
Use Strong Passwords - I mean really strong passwords with 12-15 characters. It doesn’t have to be hard to remember. Use a song phrase – Dude looks like a lady – and your password becomes "Dude l00ks like @ lady!" Change passwords regularly but especially if an employee leaves.
Back It Up - Back up your data, and then test your backups regularly. Make sure that your email is backed up as well. Keep your backed-up data in multiple secure locations. If backups are stored on USB or thumb drives, make sure to password protect them.
Protect Against Viruses - Virus/malware protection is effective, but only if your computer is scanned regularly for these threats and your virus/malware patterns are up to date; but updated virus/malware programs are only half the job. Be sure to set up your software so that it automatically checks for new virus/malware updates daily, and runs a regular (weekly) scan of your computer. Also, since some malware poses as virus scanning software, know the name of your virus software. If another program is asking to scan your computer for viruses, just say no.
Update Your Software – Install updates for Windows, Adobe, Java and other software programs in a timely fashion. The updates help with bug fixes as well as security issues. However, software updates are not without risk. A bad update can wreak havoc on your computer, so update with care, but regularly.
Know Your Cloud Provider - If you use the cloud for anything from email to documents, read and understand the Terms of Service. Understand who has access to your data, who owns your data and what happens to your data if the cloud provider goes out of business or gets bought or merges with another company.
Encrypt Your Dropbox Account - If you have any client data stored in Dropbox, be sure to have some type of encryption program like SecretSync running alongside Dropbox.
Don’t Trust Your Email - Email is a great way to receive and transfer information as well as malware. If an email looks suspicious, it probably is not safe to open and if an email looks too good to be true, it probably is. (Is your niece really in England without her wallet? Did everyone just get the same message from Intuit about your taxes being late?). Better yet, use a spam filtering program like AppRiver so they do not get to your inbox in the first place.
Google Yourself Regularly - Just do it. You never know when someone might be using your picture or content on a valid or not so valid site. You need to be aware of comments on yelp.com and ratings on avvo.com.
While this is not a complete list by any means, it serves as a brief introduction to the Data Security Policy developed by Lawyers Mutual. This comprehensive article explains many of these topics in depth and provides an example Data Security Policy that your firm can use today. I encourage you to create, update and maintain a Data Security Policy. You can make it part of your employee manual and have employees read and sign it as a condition of employment. Maybe not today, or tomorrow or even next year, but someday, you’ll be glad you did.
Pegeen Turner is the President of Turner IT Solutions, a Raleigh-based legal technology firm. Pegeen works with small and medium-sized law firms as they start-up as well as firms that need help maintaining and integrating legal technology into their practice. In addition, she helps firms understand the risks of cloud computing and how to incorporate cloud computing into their practice. firstname.lastname@example.org, www.turneritsolutions.com , @pegeenturner
Pegeen Turner, President of Legal Cloud Technology, a Raleigh-based legal technology firm, works with small and medium-sized start-up law firms, firms that need help maintaining and integrating legal technology into their practice and helping firms understand cloud computing.