The Akron Legal News


The other way data is compromised

RICHARD WEINER
Technology for Lawyers

Published: July 8, 2016

We write a lot about data compromised by outside forces like hackers and phishers.

But a great deal of data is lost by people who are associated with the firm. That includes data that is acquired by a third party through carelessness, negligence, or malice by someone inside the firm, or someone who has recently left the firm.

According to a recent IBM survey, over 40 percent of executives said that negligent loss of data by the action or inaction of insiders is their most serious security threat.

That insider activity includes loss of laptops, tablets and phones, as one would think. But it also includes deliberately ignoring security protocols (creating a “shadow IT”), ex-employees inadvertently or deliberately compromising firm security, and insecure firm Wi-Fi that can be accessed by the public.

For instance, one story goes that an attorney was sued for malpractice because a client was able to access his own legal files through the firm’s Wi-Fi.

Here are some steps to help mitigate these security risks, courtesy of Optiable.

First, and again and again, actually have a policy to address this issue, to be signed by each employee, including complex password requirements for all devices, work product ownership (the firm should own everything), encryption requirements, and limits on data sharing apps like Dropbox.

Next, turn on email archiving. Then, you don’t lose any emails!

Disable all accounts of all ex-employees as soon as they leave the firm, and change all passwords, including the Wi-Fi password. And, of course, randomize and change passwords incessantly.

Digging even deeper, create two Wi-Fi networks, one in-house and one for guests (BYO), each with its own password.

Use document management software (DMS) with encryption. (Worldox expects to introduce native encryption soon. Scoop!) The DMS should be set up to control all firm documents, including giving a full history of each document, preventing employees from deleting any docs, and preventing unauthorized copying of docs.

Mobile device management (MDM) software is available so the firm can control all mobile devices that have access to firm data. MDM apps include Kaseya, Bushel, Mobile Device Manager Plus, LabTech, Hexnode, and dozens more (find an extensive list on the website Capterra).

