How to Properly Manage Security Threats at Law Firms

May 18, 2018

While all businesses have legal and ethical obligations to secure consumer data, some industries must also work to protect additional information provided by their clientele.  Law firms, in particular, are inundated with information that falls under the protection of attorney-client privilege, which means it must be kept confidential.  In other words, law firms have to be diligent where data security is concerned.

How does this translate to practical applications?  There are several kinds of security measures to consider, including both physical and virtual security features.  Here are a few strategies to implement in order to properly manage security threats at your law firm.

Building Security

Law firms can’t have people wandering in and out unannounced and gaining access to sensitive client data, which is why building security is a good place to start when it comes to protecting confidential information.  At the very least, building security should include a single point of entry (with other doors remaining locked, even during business hours) so that guests will have to go through a check-in process at the front desk.

However, you might also want to include a keycard system to move throughout the building.  This will ensure that even employees cannot gain access to areas where sensitive documents are stored, and you will have a record of who is accessing different areas of the building.  You should also institute a clean desk policy that ensures documents are never left lying around on desks, where anyone could see sensitive data they might not otherwise have access to.

Digital Security

There are plenty of options to explore when it comes to virtual security concerns.  Not only do you need the basics, like firewalls and antivirus/anti-malware software, but you also need strict policies regarding password protection.  This includes the use of strong passwords (12+ characters with upper and lowercase letters, numbers and symbols), changing passwords frequently (say, every three months), and creating penalties for employees who fail to keep their passwords private.

You’ll also need to restrict access to certain areas where sensitive data is stored, as well as create a secure VPN for off-site login and perhaps an FTP site for secure file sharing between attorneys and clients.  Finally, you should consider encryption of all documents, as well as encrypted email communications.

Disposing of Hard Drives

At some point, every business must consider upgrading to new equipment and software to adopt modern security features and ensure the greatest level of protection.  This leaves law firms with the dicey proposition of disposing of old hard drives and ensuring the total destruction of the confidential data they once contained.

This is most easily accomplished by partnering with a reputable and reliable service provider, preferably one that provides proof of disposal, such as certificates of destruction and recycling.  Law firms will want to seek out services that not only overwrite data, but also securely destroy and recycle physical components.

Law firms operating in and around Sioux Falls, SD can contact SEAM at 605-274-SEAM (7326) to find out more about the comprehensive data destruction services offered.

SEAM provides IT recycling and data destruction services including onsite shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.
