This article is one half of a two-part series on cloud security and Keeping Your Law Firm Safe in the Cloud. Read more about your law firm’s security in the cloud in the accompanying post, Keeping Your Law Firm Safe in the Cloud: External Factors.
Cloud-based practice management systems and storage can lighten the clerical load for your whole staff, increase flexibility and efficiency, and save time.
The cloud is secure, but human error causes 90% of data breaches. The good news? You and your team have more control over the security of your firm’s data than you think.
With that in mind, here are a few areas to ask your internal IT about—or yourself!
Onsite data
If you have onsite data, where is it stored?
This matters for several reasons. First, your data should be stored in a physically secure location. And second, it’s a good idea to know who has access. It’s important to have clear accountability and preferable to avoid a situation in which one person has all the “keys.”
Encryption
Is your data encrypted? Encryption scrambles data, and only an access key can unscramble it. This protects data from being viewed by the wrong person. Aim for at least 256-bit encryption, and as always, know who has access.
Backups
How often is your data backed up, and where? If you fall victim to ransomware, how far back do you have to go to restore lost work? A couple of hours? A day? A week?
Data redundancy, or two copies of the same data stored in different places, is strongly recommended. Without this, if your only copy of the data gets corrupted, you can’t replace it.
Recovery plans
Do you have a documented recovery plan in place if your server or hardware crashes?
Having a recovery plan helps prevent a bad day from getting worse. If you lose your data, the last thing you want to do is to be stuck scrambling for a solution. Know what you’ll do—and write it down.
Staff-wide security policies
Staff training is a vital part of any security plan. Devise a policy and educate your staff on sharing secure information, appropriate methods of communication, password management, phishing, and more.
For instance, an email attachment isn’t encrypted. So if you have to send something important, use a secure client portal instead.
A security policy that the whole staff understands and follows is even more important when team members work remotely. Cybersecurity risks abound whether they’re using personal devices for firm work or accessing personal sites on a business device.
If you do have a bring your own device (BYOD) work environment, set a device policy. Be sure you can monitor how well it’s being followed and revoke access if needed.
Password storage
Using a strong, complex password is the first layer of protection against hackers. Password managers are an excellent tool for using different, robust passwords so that you don’t leave yourself vulnerable by using the same passcode for everything.
Multi-factor authentication (MFA) is also a good idea because it provides another security layer beyond the initial password. MFA can mean receiving a verification text or code or authenticating user identity from a designated device.
Security and staff offboarding
What security steps does your team take when someone leaves the firm? Even if a team member is retiring, it’s good to have processes in place to protect firm data. Plus, security standards and best practices continue to evolve, and a retired staffer may not prioritize keeping up with the changes.
Change shared passwords, remove office and device access, and revoke all other forms of access, too. This improves accountability for everyone still at the firm.
Regular review
Whether it’s implementing staff security training changes or auditing your own cybersecurity, data protection isn’t something you can do once and forget about.
Plan to keep yourself and your team up to date—and make full use of the efficiency and flexibility offered by cloud-based solutions.
To learn more, watch the complete on-demand webinar, Keeping Your Law Firm Safe in the Cloud (31:46).