Steps to ensure data security at law firms!

The Panama Papers scandal might not die down for at least a couple of weeks, as many astonishing details about the law firm's activities are coming to light through various media sources, and on an hourly basis at that. The Panama law firm, named Mossack Fonseca, is an organization which specializes in dealing with financial issues like frauds, scandals, money laundering and other such scandals.

Last week, the law firm's big heads discovered that hackers had succeeded in breaking into their database and stealing over 2.8TB of data records. The company has now decided to upgrade its enterprise data security further and put the necessary policies in place to ensure that another data leak doesn't take place in future.

Now, for law firms big and small, here are some tips to keep their data safe and secure from hackers.

Tip 1- Law firms face threats from many different sources, such as state-sponsored hackers, industrial espionage by client competitors, disgruntled departing employees, and even individuals who use scripts or programs developed by others to scan for and attack computer systems and networks. Hence, keep your IT environment safe and secure.

Tip 2- Changes to security might bring production at a law firm to a standstill. Therefore, if you need to make changes to security, implement them in a way that does not impede attorneys' ability to perform work for clients. Law firms should balance the need to protect client data against the need to access it. Also make sure that your data storage environment is free from ransomware viruses such as CryptoLocker.

Tip 3- Through careful technology selection, planning and preparation, law firms can avoid disruptions. Ensure that your firm has the best security system in place, one which is easy to use and is secure enough. Implement new systems and procedures only after they are vetted and tested by a small group of users. Prepare new users by giving them advance notice and creating a training plan that covers the topics in a language they understand.

Tip 4- It is better to organize security awareness training sessions on your office premises to increase end users' awareness of the firm's security policies and potential threats to the firm. Security awareness training is probably the most important step in preventing incidents, such as the CryptoLocker virus that has infected numerous law firms in the last few months. Additionally, these sessions can also help in building trust among present and future clients.

Tip 5- Ensure that the vendor who is hosting your data in the cloud pays particular attention to securing and protecting your data. Review every vendor's commitment to protect your data, as well as their security certifications and policies.

Tip 6- Every law firm should ensure that it has top-notch antivirus, antispam, malware and intrusion detection in place. Routinely check firewall logs. This will highlight the extent to which users are under attack and make you aware of administrative access and changes to your firewall. It is better to check the firewall configuration periodically for unwanted changes. System admins in law firms should also monitor and manage user accounts. Scan for user accounts that have not been accessed for a period of time, stale passwords and membership in administrative groups. Every IT administrator has added users to high-level security groups, such as domain administrators, in order to test and troubleshoot issues, only to accidentally leave them in groups where they do not belong.
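The account review described in Tip 6, sketched in Python as an added example that is not part of the original post. The export format, column names, thresholds and approved-admin list are all assumptions made for illustration, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are hypothetical, not from a real tool.
SAMPLE_EXPORT = """username,last_logon,password_last_set,groups
asmith,2016-04-01,2016-02-15,Attorneys
bjones,2015-09-10,2015-08-01,Paralegals
svc_backup,2016-04-05,2013-01-20,Backup Operators
tmptest,2016-03-30,2016-03-01,Attorneys;Domain Admins
itadmin,2016-04-06,2016-03-20,Domain Admins
"""

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
APPROVED_ADMINS = {"itadmin"}   # assumed allow-list maintained by IT
MAX_IDLE_DAYS = 90              # assumed threshold for an unused account
MAX_PASSWORD_AGE_DAYS = 180     # assumed threshold for a stale password


def audit_accounts(export_text, today):
    """Return {username: [findings]} for accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if idle > MAX_IDLE_DAYS:
            issues.append(f"no logon for {idle} days")
        pw_age = (today - date.fromisoformat(row["password_last_set"])).days
        if pw_age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {pw_age} days old")
        # Flag privileged membership unless the account is on the allow-list,
        # which catches test users left behind in administrative groups.
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        unexpected = sorted(groups & PRIVILEGED_GROUPS)
        if unexpected and row["username"] not in APPROVED_ADMINS:
            issues.append("unapproved membership in " + ", ".join(unexpected))
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_EXPORT, date(2016, 4, 11)).items():
        print(f"{user}: {'; '.join(issues)}")
```
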

Tip 7- Users of online services all over the world are already well aware of two-factor authentication. So, implementing this procedure in law firms will greatly help in keeping data safe and secure from unauthorized access. Implementing this security method will provide a significant increase in the security of systems accessed remotely.

Tip 8- Server room doors and cabinets should be locked when possible. Server room access should only be allowed to those who are connected to the field and who are in charge of the activities. It is better to have a security camera system that includes options for recording physical access. Stored data should be encrypted. Employees must be trained to lock their laptops and data storage devices when they are not using them. No data, either printed or electronic, should be left unattended.

Tip 9- Third-party audits should be carried out once a year. A third-party security expert will help perform a top-down evaluation of IT systems, security policies and practices, and will review physical access to the systems.

Tip 10- If hiring a third-party security expert is proving expensive, then enterprise IT professionals should carry out the break-in test to identify any vulnerabilities. But the test has to be executed with care, because if it is performed recklessly it can cause system or network damage through buffer overflows, denial-of-service attacks and misconfiguration of systems.

Tip 11- At the end of a security audit or break-in test, you will receive a remediation plan. The IT department should carefully review the recommended changes before implementation to consider any possible adverse effects on other systems and end users. Some believe that threats are irrelevant for small firms, but nothing could be further from the truth. It is increasingly common for clients of law firms to dictate security requirements, so all firms should make strengthening security policies a top priority. Now is the time to start a discussion about security within your firm.

Need professional help in setting up a foolproof data security plan in your enterprise environment?

Visit the DNF Corp web page or call 510.265.1122 to talk to an expert.

