Law firms’ data securities, though making substantial progress, still have room for immense improvement. Below are a handful of the most common mistakes law firms make when considering (or perhaps not considering), data security:
Unaware of the Encryption Level of Stored Data
The United States government is responsible for setting the standard encryption level; currently the standard is FIPS 140-2. To ensure safety of data, any standard less than that set by the US government is not adequate and will only cause your firm heartache when your data is breached.
Key Applications Not to be Patched
Some applications (e.g., Apache servers, Java, Adobe Acrobat Reader and Adobe Flash) are seldom patched. However, these are the ones have been most subjected to hackers and are thus the most vulnerable. This may even happen amongst a skilled IT team. Patching programs are often forgotten about after installment and do not raise awareness until a problem has occurred. Yes, these patching systems offer more protection to your data security, however, these programs always have a blindside that leaves your system at risk.
Unaware of the Location of the Data Stored by Your Cloud Computing Services Provider
Data is stored both in and out of the United States. Data, regardless of cloud companies’ physical location, can be accessed by the United States government due to the Senate’s vote against NASA reform. Therefore, a law firm should choose a provider that is both proficient in regulation of all jurisdictions and assures where data is stored. The provider should provide detailed information for you regarding the location of storage and how you can access it.
Unaware of Normal Activity
It takes an extremely skilled hacker to access a foreign network without causing a disturbance in the security system. The problem is that most law firms cannot detect the breaches in security because they have no gauge of normal activity. In a report put out by Verizon, the company notes that nearly every successful hack last year could have been detected and then acted upon if only good criterion were put in place.
IT services for law firms are so vital because almost every hack is 100% preventable. Bad things do not have to happen to your law firm and can certainly be avoided!
Unaware of Running Applications
To fully understand this concept, every application on every PC in the law firm’s network must be known and accounted for. This is important because computers that have recently been purchased come with an abundance of apps that are rarely used and usually unnecessary. In addition to the apps that come with the PC, users install many more over time. Vendors sometimes purposely design security gaps that lead to trouble for your PC.
There are certainly more considerations for law firms when it comes to proper data protection, data storage and data security, but these are the most important and should provide a baseline for your law firm to begin work protecting your data and more importantly, your reputation.
The author, Robert A. Martin, is the President of Great Lakes Computer Bob has a B.S. in Electrical Engineering from the University of Akron. He joined the company in 1995 and has held multiple positions including Large Account Sales, Sales Manager, VP of Operations, and now serves as President. Although he oversees all operations, Bob’s primary focus is in the areas of sales development, strategic direction, government sales and large account management. Bob is the author of Great Lakes Tips on Tech Blog.