We’ll be at Social Law Library on December 8th with practical guidance on data security for small law firms.
If you’re wondering exactly what your small law firm needs to do to protect against threats to your data, this program is for you. Bring your specific security needs, and work with experts who can give you practical, actionable advice to stay out of trouble and keep you and your clients safe.
You are tasked with keeping confidential client data. A breach of that data would not only violate your ethical obligations to your client, but it could also result in lawsuits, fines, and, as a result, financial distress to your law firm. Law firms must learn how to protect against threats to their data. You will leave this program with practical, actionable information that you can implement in your practice immediately.
Find out how to recognize common threats, protect your computer systems and devices, secure your communications, and navigate cloud technology from expert faculty, who will even be available after the program for individual consultations.
To scare you into better data security procedures and habits (and maybe attending this program), Kurt relayed to us approximately one million questions that you really need to consider. Data security for small law firms is a huge liability, but you can manage it effectively by getting proactive – and interactive. Take it away, Kurt:
Security patches, Antivirus, Firewall, VPN . . . All nice buzzwords, catch-phrases and feel-good terms, right – but do they matter? Okay. They’re important and yes, they matter. You know what really matters though?
Your relationship with your IT staff. Your involvement with your IT staff. Your knowledge about what your IT staff does all day. These things matter.
The biggest mistake you can make in IT is not being involved.
Where is your data located and how is it backed up? Seriously, how many backups do you have, where are they stored, and when’s the last time YOU tested a backup? Have YOU pseudo-deleted an important file and asked IT to restore it as a test?
How about disaster recovery? Exactly how long will it take you to recover from total disaster (let’s say your building burns to the ground)? How long until your business can be 100% operational in another location? Have you tested the strategy? You, personally – have you seen the strategy tested?
What about those pesky patches and updates? When’s the last time you’ve viewed a report showing you exactly which PCs are up-to-date and which aren’t? What percentage of your devices are 100% up-to-date with the latest Mac or Windows updates?
Is your firewall 3 years old? Do you know that firmware updates (i.e. software updates that fix security holes) are released often for those devices? How many firmware versions behind is your firewall at this very moment?
Ransomware? Ah yes. Are you aware that your server can be configured to be highly resistant to ransomware? What specific steps has IT taken to prevent ransomware from destroying your data? (Hint: If the answer is “well, we stay up-to-date with antivirus software”, they’re not doing their job).
What were the results of your last penetration test (you have run a pen test, right??)? Were any security holes that were discovered resolved?
You see where I’m going.
Don’t hang your head in shame. You’re not alone. I have no hard statistics to back up my claim, but I’d bet that 95% of the people reading this never verify the integrity of their IT systems, yet those systems are the heart and blood of their organizations.
Being involved in IT is not as difficult as you’d think. You need IT folks to do the work and maintain your IT investment – and no one expects you to know how to update the firmware on a firewall. But you’re an attorney, and this is your clients’ data. You need to review some proof that it was updated, that your backup systems work, and that your servers can survive a ransomware attack.