The current status of information security in law firms: is it enough?
Written by Judy
Paralegals work in a wide variety of working environments that are determined by the size and structure of the firm. Also dependent on the law firm’s size is the number of people that paralegals work with, internally and externally. Working and sharing information with a large number of people, including business partners and clients as part of your job, leave open chances of confidential data being compromised.
As firms move more towards a paperless office (although we probably won’t see a paper-FREE office being adopted any time soon due to the nature of our legal system where hard copies of documents are necessary for certain procedures), paralegals must be more conscious about how their digital information is stored. Many offices have adopted a file server for a more convenient way to organize, file, and share work information because let’s face it, legal departments and firms generate tons of documents and finding a document stored digitally is exponentially easier than finding a hard copy document in a file room. Based on the size of the firm, most computers on a site are usually networked to the server, allowing convenient access to information when needed.
Lawyers and their partners indeed generate a lot of paperwork-paperwork that comes with every step of a legal proceeding and correspondence. These need to be stored in a cloud computing server or a file server with access control so that only you and your partners can view or take out the files with written authorization, while allowing limited server rights to your staff and support personnel. A lot of solo practitioners nowadays seem to already have a file server networked to most of the computers in their office and worry about remote access for their new setup. I mean, it’s understandable because nowadays, everyone’s on the move and working while on the road. So, easily accessible documents whether on a mobile phone or laptop works best for a lot of smaller law firms. For larger firms, VPN is usually applied to allow secure remote access for offices around the world while keeping the convenience. However, what many of the practitioners don’t realize is that although the convenience is great, the bare minimum security to meet legal requirements is not enough to protect your firm from disaster.
But you’re a small firm and you don’t think you’ll be directly targeted? All the more reasons to be worried. According to the American Bar Association, “on November 1st, 2009, the FBI issued an advisory warning to law firms that they were specifically being targeted by hackers.” While smaller firms may think that this does not apply to them, according to Matt Kesner, CIO of Fenwick and West LLP, “China is often responsible for state sponsored hacking —and that the country doesn’t waste its “A” squads on law firms because their security is so dreadful. The rookies on the “C” squads are good enough to penetrate most law firms.” This is exactly what the situation still is today- law firms (large and small) in its current state are easily breached and many may not even know that they have been.
As many law firms make the transition to digital, the need to upgrade and apply stronger yet practical and efficient information security solutions are absolutely necessary. Aside from securing the physical location of the file server, the data stored inside must be protected as well. Password protection, access management, and a monitoring system can make the difference in keeping confidential files safe from accidental or malicious leaks.