For most of us, troubleshooting cybersecurity is difficult because we usually can’t see the problem and only find out about it after there’s been some catastrophic loss. Even if you are a cybersecurity novice, there are some simple things you can do and look out for to make sure your confidential client files are safer.
Consider Moving to the Cloud
While most attorneys are cautious about moving file storage to the cloud, in many ways, it can make your files more secure. The ABA has compiled a list of states that have issued ethics opinions regarding whether attorneys may use the cloud to store confidential client data. So far, no state bar has forbidden it, but a handful have yet to weigh in. California has published two ethics opinions on cloud storage – Formal Opinion 2010-179 and 2012-184. Both expressly authorize attorneys to use the cloud as long as they are diligent in selecting a cloud provider and take reasonable precautions to ensure their data is protected.
Virtually every attorney has already had highly confidential information in the cloud for years. Most banks and credit card companies store your data in the cloud. Some hospitals even store your medical records in the cloud.
The cloud can be a more secure alternative for a number of reasons. First, storing documents in the cloud allows administrators to control file access with login credentials and passwords. Several cloud service providers, such as Box.com, allow administrators to monitor who has viewed or edited files. On the other hand, controlling access and monitoring who has viewed paper documents is much more cumbersome and ineffective. The cloud also solves the problem of having multiple copies of a document floating around.
Consider the following scenario: in a personal injury case, an associate reviewing confidential and highly sensitive information, makes a working set of documents. Large files containing medical records are put on a flash drive and mailed to co-counsel. Another member of the firm e-mails a couple of drafts of the confidential mediation brief to himself to work on it from home. Fast forward several months to when the case has ended. Where is the flash drive that you sent to co-counsel? In his desk? In his file? Who has access to it? Did the employee delete all drafts of the mediation brief from his e-mail sent box and inbox? Have all working sets been filed or destroyed?
If the documents were all stored in a central location and you could delete them or cut off a user’s access, you would not have to worry about these problems. Microsoft’s Office 365 cloud services, for example, offer HIPPA-compliant data storage and bank-grade security for files they store online. As a side note, Microsoft will soon be releasing a commercial version of the cloud-based legal document management software used by their in-house counsel.
Secure Your Digital Documents
Take simple precautions. Often, the weakest link in cybersecurity is the user, not the software. Make sure that all devices that you use to check your e-mail or access your files are password protected, including cell phones, laptops, and personal home computers. If available, secure your file access with two-step verification, which requires you to enter a password and a code that is texted to you. That means that if a hacker in China cracks your password, the hacker would still need to have your cell phone to get the text message with the temporary code.
Several thumb drives, memory cards, and external hard drives come with encryption software that password protect your data. However, if you have confidential files stored in a memory card in your computer, it doesn’t matter if your computer has a password, because a thief wouldn’t even need to boot up your computer to eject the memory card and put it into any other computer to read its contents. On the other hand, if a password protected thumb drive falls out of your briefcase or pocket, you can rest easier knowing that your clients’ files are more protected.
Some of the best solutions to cybersecurity issues are the easiest to implement. Store your documents centrally, then restrict and monitor access. Secure your online accounts with an extra layer of security. Make sure your portable storage solutions are also password protected. Above all else, use reasonable care to protect your clients’ files so you can also protect your clients, your reputation, and your license to practice law.