Security is a highly discussed topic these days and for good reason. Much of our lives have moved online, making aspects more convenient like banking, organization, and staying connected. At the same time, however, it’s also put us at more risk. While we should each take steps to protect our personal identity and information, as law firm owners, we also need to do the same to protect the information of our clients.
Having proper security measures in place often requires a robust and comprehensive plan, but there are steps you can take today to start heading in that direction. Here are three simple ways to upgrade your firm’s security.
Use 2FA
Two-Factor Authentication (2FA) is an added layer of protection that goes beyond just needing a username and password. It’s sometimes called “two-step authentication” because after passing the first step of providing the right username and password, the system requires a second step of authentication before granting you access. This second step typically includes providing a security token (like a one-time passcode that is continuously regenerated) or a biometric factor (like a fingerprint).
Having 2FA enabled makes it more difficult for someone with malicious intent to access your account. Not only would they have to have the right username and password but they would also need to pass the second authentication step, which should be difficult because they (presumably) wouldn’t have access to the security token generator or biometric factor.
Where available, turning on 2FA for any software or system in your practice is advisable. Consider your email account, case management software, client portal, document generator or storage, and website. While it may mean it takes a few extra seconds to log in, the increased security is well worth it.
Quick side note: it should go without saying that the first step of access, your username and, in particular, password, shouldn’t be something easily guessed or figured out. Passwords should never be reused or something a clever or observant hacker could figure out by doing a simple online search about you. Instead, use a password generator that creates random passwords for every account (and then a password manager to keep track of them all). Build your firm’s security on a solid foundation, otherwise, you’re only just dealing with a house of cards.
Always Connect Through a VPN
Whether you work from the office, from home, or in the cafe with the best coffee, connecting to the internet through a VPN will help ensure the connection is secure. VPN stands for “Virtual Private Network”, which is like an encrypted tunnel that your data travels through when you connect to the internet. Being encrypted means that prying eyes cannot easily gain access to the information being transferred without knowing the decryption code. VPNs also hide your IP address.
Because we work with and often hold a lot of our client’s personal information, it’s important that our connection to the outside world is protected and as secure as possible. There are several reputable VPN providers that work across all different internet-ready devices (e.g. computers, tablets, and phones). They are typically easy to install and use. There’s really no excuse to connect without one.
Step Away from Email
Email has become so ubiquitous that it’s hard to imagine a time before it. While it makes it easy to connect with clients, email is the least secure form of communication. Using a secure communication method like a client portal that requires a login (and ideally 2FA) is a much better way to connect.
When considering which software to use, you’d want to choose a system that doesn’t add too much friction to the client experience. The client shouldn’t have to complete several steps to actually get to the message like, say, getting an email alert about a new secure message, logging in, going back to their email for a code, and then finally getting to the message. (I’m looking at you, Microsoft.) You want to find a nice balance between usability and security. And my guess is that, knowing the online threats that exist, clients will appreciate that you’re taking the extra step to keep your communication secure.
Of course, if you’re asking for or collecting any sensitive information from clients, that should absolutely be done through a secure method. Or at the very least, the sensitive information should be redacted before sending. In other words, please don’t send things like unredacted tax returns, medical records, and bank statements as an attachment to an email. (I’m looking at you, opposing counsel.)
As our world continues to become more and more digital, it’s important to make a reasonable effort to say abreast and implement at least the basic measures, even if it means going outside your comfort zone. While there is much more to security and ensuring a robust system is in place, these three tips will get you started in the right direction.
Want to learn more about how technology can improve the function and productivity of your firm? Check out our FREE Tech Guide for Lawyers. In it, we cover the best approach for using technology in your practice, what features to weigh in a dozen different categories, and possible service providers to consider. Download your copy today!
