← Return to Law Firm Launchpad
Fortifying Your Law Firm’s Electronic Data Security
(Current as of August 2020)
The ABA Model Rules of Professional Conduct impose various ethical obligations on attorneys when it comes to law firm data security and the safeguarding of electronic client information.
For example, Model Rule 1.1’s duty of competence requires lawyers to “keep abreast of . . . the benefit and risks associated with relevant technology.” Model Rule 1.6’s duty of confidentiality requires lawyers to make “reasonable efforts” to prevent unauthorized access to client information. And some ethics opinions have held that Model Rule 1.15, which imposes fiduciary obligations on lawyers to safeguard client property, applies to electronic files.
Below are some common steps you can take when starting a law firm to boost your law firm’s data security. (Be sure to check your state’s ethical guidance on the subject, too.)
Use A Virtual Private Network (VPN)
Any data you send or receive when connected to the internet is susceptible to digital eavesdropping. If you’re on an unsecured Wi-Fi network (at an airport, café, library, etc.), you could be exposing sensitive information to cyberthieves or other bad actors who are using the same network. Even if you’re on a private network or using a hard-wired connection, some of your web activity may be logged and exploited by your internet service provider, websites you visit, or services you use.
A Virtual Private Network (VPN) essentially transmits your data through an encrypted tunnel en route to its destination. By logging on to a VPN before engaging in your normal online activities, you can hide sensitive information that could potentially make your clients—and your firm—vulnerable.
NordVPN and ExpressVPN are both highly rated VPN providers.
Get A Password Manager
So many online services require a login and password these days that there’s actually a term for the overwhelming feeling you get from trying to keep track of them all: password fatigue. While you may be tempted to use the same password across multiple platforms, with data breaches on the rise it’s more important than ever to maintain a strong, unique password for each service you use—particularly when you’re handling sensitive client information.
A password manager is a secure application that will generate and store a unique, complex password for each online account you hold. All you have to do is remember your master password, and your password manager will remember the rest.
Consider 1Password or Dashlane for your law firm’s password management.
Enable Two-Factor Authentication
Although strong passwords are critical, many online services also offer “two-factor” authentication as an added means of protection. Two-factor authentication is a second way to verify yourself in addition to a password (such as a unique numeric code sent to your cell phone, fingerprint scanning, facial recognition, etc.). As you set up online services for your law firm—from email, to banking, to practice management software—inquire whether two-factor authentication is available, and enable it whenever possible.
Steer Clear Of Malware
Malware (short for “malicious software”) is a broad term used to describe viruses or other threats to your computer that are generally designed to cause damage or steal data. Here are some recommended guidelines for avoiding malware:
- Regularly install all available updates for your operating system and browser
- Use an email spam filter
- Don’t open attachments or install software from unknown sources of origin
- Always run an antivirus program and conduct regular scans
- Always run an anti-malware program (included with many antivirus programs)
- Always run a firewall (included with many antivirus programs)
- Always run an ad & pop-up blocker (AdBlock is free and does both)
In addition to installing proper software and keeping it up to date, perhaps the most important thing you can do to avoid malware is to remain vigilant in your online activities. Always think twice and verify the source before accepting requests to download or install new programs or input any personal information.
OTHER ARTICLES ON THE LAW FIRM LAUNCHPAD:
Choosing A Business Entity Structure
Getting An Employer Identification Number (EIN)
Getting A Business Credit Card
Opening Law Firm Bank Accounts
Buying Legal Malpractice Insurance
Assessing Your Furniture And Office Supply Needs
Setting Up Internet, Phone, and Fax
Assessing Your Computer And Technology Hardware Needs
Assessing Your Software Solutions Needs
Setting Up Mailing And Shipping Accounts