For a law firm, there is no doubt that protecting client data is absolutely critical. Cyber criminals are on the lookout for sensitive information they can use to extort money, and with the new General Data Protection Regulation due to become mandatory by 25 May 2018, there has never been a more important time to look at how you store, process and protect personal information.
The Solicitors Regulation Authority puts it very succinctly: “Protecting yourself – and your clients – from threats requires constant vigilance.”
Clients need to trust that their personal information is safe and well looked after, just as they trust a bank to keep their money safe. Earning that trust means making sure access to their data is carefully controlled and that the systems used to store it are secure and protected in the event of an unforeseen incident, such as a hardware failure, a cyber-attack or human error.
Now is the time to take the long view in order to keep client data safe and protect the reputation of your law firm. Take these steps today to protect both for the future.
Add redundancy to your security systems
Deploying a bit of security software or a firewall is no longer enough. Take a multi-layered approach and put measures in place to protect your infrastructure, your network, your applications and the entry points for the devices being used in your firm.
Control access to data
Introduce a security access strategy where servers and devices are off-limits to all but those with encryption keys. Ensure devices are password protected so that when staff leave they can’t get back into your systems.
Make sure routine upgrades and patches are applied regularly to protect against potential viruses.
You might be using the best software available, but if you don’t update it routinely it could become a back door into your systems.
Back it up
Keep a copy of your production data – preferably at a separate location – and make sure your recovery point and recovery times are in line with your business strategy. It’s all well and good having a backup but if you don’t check it regularly, you may find that when you really need it, recent data that’s vital to your operations can’t be retrieved.
Work with expert partners
Investment in data centre infrastructure is expensive. By working with an expert hosting partner you don’t have to bear upfront costs for hardware, cooling and power, plus you can leverage their expertise across the IT spectrum – from shared hosting to private cloud to DDoS protection. Decide as a business what level of security you need and then choose a partner that can deliver to it and can help you continually update it. A responsible hosting company will work with you to create the solution that best suits your requirements.
Decide what your security policy and procedures are and then educate and train your staff to follow them.
By following these six steps, your clients can be secure in the knowledge that you are taking the right approach to protecting their data.