Data security is important for any company, but it's undeniable that law firms have it extra difficult when it comes to taking all the necessary steps to secure clients' Protected Health Information, what with HIPAA and all. In fact, data protection is absolutely critical.
No matter what industry you work in, any type of data that is held within your company, or even personally for that matter, risks the possibility of being hacked or breached. Law firms and lawyers provide a client-facing service and are entrusted with highly-sensitive information, making them a main target for hackers. With recent news-worthy cases, such as the Panama Papers scandal, the possible Cravath and Weil Gotshal data breach, and the fact that hackers are stealing information from lawyer-client email exchanges, it is definite that law firms need to employ the upmost security standards when it comes to storing and protecting their data.
If you think your firm doesn't have to worry, don't be fooled: it’s not just large firms that run the risk of a security breach. Mid-sized to small firms are just as susceptible. In fact, a survey from last year states that 1 in 4 law firms are victims of a data breach. 1 in 4!
Unfortunately, along with this fear of data breaches comes our fear of "the cloud" and it's supposed lack of security. Fortunately for lawyers and law firms, the cloud is no more vulnerable to hackers than any other data storage medium. (Well... Unless you're keeping all of your important files on a flash drive in your underwear drawer, but that system has it's flaws, too.)
Many believe that the cloud is an unsafe place because they honestly don’t know much about it or how it works, but the cloud is actually a great place to backup and store all of your company information. If something were to happen to a physical server, all of your information will be lost immediately; however, if everything is stored in the cloud, fear not, for your data is always accessible through any device with an internet connection. Of course, not all cloud software providers are created equal, and it's up to you (under ABA Model Rule 1.1) to know the potential risks of moving your firm to the cloud and to do your due diligence when it comes to choosing the right vendor.
If your cloud-based provider is properly encrypted and has a data storage and archival policy put into place, you shouldn’t have much to worry about. You can help boost your firm's security by ensuring that you use strong passwords and have 2-step authentication set up. In addition, be sure to routinely audit the access to your cloud service and see which users and devices are connected, removing old users or devices as necessary. Finally, make sure everything is always backed up. In some cases, your provider will perform regular backups of your data, but in the case that they don't, you should be fully aware of this and be prepared to run these backups on your own.
The false insecurity about storing sensitive information in “an unknown mysterious place” (AKA the cloud) ultimately becomes a setback for lawyers and law firms when it comes to modernizing their practices and keeping up with the changing pace of technology. For example, using a cloud-based legal management service can potentially increase your firm’s productivity, ROI, and easily reduce paper usage making your firm both environmentally-friendly and more organized. Less time spent digging for lost or misplaced documents? That's something everyone can be happy about.
For more information about the risks and rewards of taking your firm paperless, check out our 10-step How to Go Paperless White Paper. Hope this helps you better understand how to stay secure in the cloud. Let us know about any other comments are concerns in the comments below!