Why We All Need an E-Security Audit
July 7, 2011
With the emerging focus of the paperless office, the cloud-based office systems, and the portability of the law practice, we necessarily face increased security risks in the protection, maintenance, and access to our information. Lawyers now work from wherever they happen to be. I believe with this increased portability of our practices comes the need to conduct e-security audits. With the rapid pace that technology is advancing, such an audit should be done at least yearly. Some of the items an IT professional would assess are security protocols and policies, outdated hardware and software, end user risks, education and training of staff, back up systems, etc. The idea is to do whatever you can to avoid lost, deleted, corrupted or compromised data. Does you firm have employee policies covering use of e-mail, use of laptops away from your office, encrypted flash drives, accessing files from home, loading software or applications on work computers, or social networking sites? If you don’t, perhaps you should. For example, it may be your firm’s policy to allow employees to access their personal web based e-mail accounts from law firm computers on a limited basis, but what about opening attachments? Attachments from unknown sources may be potentially harmful and could cause damage to network systems even if accessed from a strictly web based e-mail account. An e-mail policy about the opening of attachments could provide guidance to your employees and protection of your operating systems. What about lawyers taking laptops and flashdrives with them wherever they go. Is data stored locally on the laptop or unencrypted on the flashdrive? These items are lost or stolen every day. A firm policy about not downloading information locally to your laptop or only carrying encrypted flashdrives would provide some protection. Your IT professional can brainstorm these and other solutions to security issues your firm faces.
Don’t have an IT staff person or IT company that you work with? My motto has always been, don’t do something yourself that you can hire someone else to do (and who does it much better). Stick to practicing law as that is what you do best. Leave the security to the professionals.