How well do you understand your data security? If you’re confused by all the issues needing to be addressed, you’re not alone.
Recent events at Sony Entertainment show that anyone is vulnerable if they don’t keep their systems updated. Credit card data theft at large stores such as Target and Home Depot further reinforces the dangers inherent in doing business in today’s online market.
Important potential data security risks can be determined by reviewing cyber security insurance applications. Here are a few issues that apply to legal businesses that you should consider:
Maintain written policies and procedures. Having a written policy regarding data security gives employees guidance on appropriate law office computer activity. Policies should be reviewed and updated as technology changes. If you don’t currently have written policies, check out our Data Security Policy practice guide for assistance in drafting one.
Have a security guru, if possible. You should have a designated employee to make sure your computer security systems are up to date and working properly. This includes making sure software is up to date, testing security controls, and keeping up to date on security threats.
Use proper security software. Anti-virus and firewall security systems should be standard for all computers – personal or business. Cyber insurance carriers are also interested in two additional types of software: an Intrusion Detection System (IDS) and a Data Loss Prevention (DLP) system. An IDS provides notifications of unauthorized access to your network, whether from outside attempts or internal policy violations. A DLP system protects sensitive data by monitoring its activity.
Implement employee security measures. It is recommended that employees frequently update their passwords to maintain system security. You can schedule automatic password resets through your security program to ensure this occurs. If an employee does not need sensitive data, limit access via user ID controls. In addition, it is imperative that any departing employee is removed from secure access immediately after they leave.
Secure data wherever it is. Many businesses are diligent regarding data security on their internal systems but less stringent about access when away from the office. Mobile and laptop devices should use virtual private network (VPN) access when connecting to your internal network. Also, data should be encrypted when accessed outside of the office on laptops, mobile devices, or USB drives. Require remote wipe on mobile devices and laptops to prevent data security breaches if these devices should be stolen or lost.
Secure credit card transactions. If you process credit card payments, it is recommended you do not store the data to reduce your exposure. If you do store credit card information for the convenience of regular payments from clients, follow financial institution standards to encrypt and secure this data.
Routinely back up your data. To prevent total loss of data should the unthinkable happen, back up your systems frequently. If possible, nightly backups are recommended. The backup data should be encrypted and stored in a secure location. A redundant backup procedure further ensures availability of data should disaster strike.
Require service providers to include security in their contracts. If you use third-party vendors who have access to your sensitive data, the necessary security procedures should be included in the contract. Also, these vendors should maintain their own insurance that covers the loss if their system is breached.
Regulate social media use. Your firm should have a social media usage policy. This policy does more than govern what is posted on your firm’s social media accounts. Rules for user access and use of social media should be included. The goal is to help prevent employees from clicking on a fake link that would open your network to cybercriminals.
Monitor your website content. One of the most overlooked aspects of cyber security is website content. This includes monitoring your comment section to remove any suspicious links that may be posted. Be sure that proper copyright agreements are in place before posting images, videos, etc. that were not created for your firm.
Maintaining proper security measures has become increasingly difficult as business becomes more computerized. Following the procedures recommended by cyber insurance carriers can help secure your data as well as possible.
If you have any questions regarding the security of your data, please contact Lawyers Mutual.
About the Author
Samantha Cruff is the Marketing Communications Coordinator at Lawyers Mutual. Contact Samantha for information regarding our available risk management publications at 800.662.8843 or firstname.lastname@example.org.