Lawyers need to know how their data is actually secured. Here are the questions you should be able to answer, and more.
We thank Kurt Simione, founder of Technology Seed, LLC, for this helpful guest post.
. . .
Security patches, Antivirus, Firewall, VPN . . . All nice buzzwords, catch-phrases and feel-good terms, right – but do they matter? Okay. They’re important and yes, they matter. You know what really matters though?
Your relationship with your IT staff. Your involvement with your IT staff. Your knowledge about what your IT staff does all day. These things matter.
The biggest mistake you can make in IT is not being involved.
Where is your data located and how is it backed up? Seriously, how many backups do you have, where are they stored, and when’s the last time YOU tested a backup? Have YOU pseudo-deleted an important file and asked IT to restore it as a test?
How about disaster recovery? Exactly how long will it take you to recover from total disaster (let’s say your building burns to the ground)? How long until your business can be 100% operational in another location? Have you tested the strategy? You, personally – have you seen the strategy tested?
What about those pesky patches and updates? When’s the last time you viewed a report showing you exactly which PCs are up-to-date and which aren’t? What percentage of your devices are 100% up-to-date with the latest Mac or Windows updates?
Is your firewall 3 years old? Do you know that firmware updates (i.e. software updates that fix security holes) are released often for those devices? How many firmware versions behind is your firewall at this very moment?
Ransomware? Ah yes. Are you aware that your server can be configured to be highly resistant to ransomware? What specific steps has IT taken to prevent ransomware from destroying your data? (Hint: If the answer is “well, we stay up-to-date with antivirus software”, they’re not doing their job.)
What were the results of your last penetration test? (You have run a pen test, right?) Were the security holes it discovered resolved?
You see where I’m going.
Don’t hang your head in shame. You’re not alone. I have no hard statistics to back up my claim, but I’d bet that 95% of the people reading this never verify the integrity of their IT systems, yet those systems are the heart and blood of their organizations.
Being involved in IT is not as difficult as you’d think. You need IT folks to do the work and maintain your IT investment – and no one expects you to know how to update the firmware on a firewall. But you’re an attorney, and this is your clients’ data. You need to review some proof that it was updated, that your backup systems work, and that your servers can survive a ransomware attack.