It’s safe to say that law firms see their IT as mission-critical to their success. A simplified breakdown of IT for a firm covers four categories: infrastructure, security, software, and support. Many firms outsource their IT department to IT companies in the hope that the provider can guide them to the right decisions in these four categories. Different firms have different needs and budget considerations. A firm can be a one-person operation, a single office with a dozen staff, a large firm with hundreds of employees across different locations, or something in between. Whether you are a solo practitioner or a multi-office law firm, here are a few universal best practices that we’re sharing:
#1 – Ditch the on-premise applications for hosted or cloud-based applications.
There are countless reasons companies across all industries are switching to cloud-based applications. Chief among them is getting your firm into the 21st century and off that legacy on-premise legal software.
There are many benefits to the cloud: you can work from anywhere, your vendor maintains and updates the platform, redundancy is built in, the platform scales as you grow, and more.
#2 – Secure your email with archiving, outbound encryption, and backup.
It’s safe to say that lawyers are dependent on email. Beyond using Office 365, you should be using a solution to archive your email in case of an eDiscovery request.
If you’re emailing Personally Identifiable Information (PII), you must encrypt this information so that only your recipient can read it. The same solution that archives your email should also be able to offer outbound encryption.
Finally, Office 365 does NOT include any form of backup out of the box. There are types of “recycle bins” built into Office 365, but know they can and will be purged. Backups should go to a separate platform that cannot be affected by your staff or malicious actors. If you are compromised or a rogue employee wipes data from Office 365 in a few locations, you may have lost data forever. Use a third-party solution to back up Office 365 to a separate platform to prevent this.
#3 – Protect the endpoints with high-end anti-virus/anti-cryptolocker and full disk encryption.
Endpoints, meaning any device you use to access company resources, are the most highly attacked targets in 2021. Your staff gets sent emails with malicious links, they browse sites with embedded exploits, and you’re one click away from disaster if the right precautions are not taken.
Start with a robust anti-virus solution that hunts for cryptolocker behavior. Cryptolockers lead to ransomware, which leads to breaches, loss of data, insurance claims, and in some cases the closing of businesses. Your IT company should be able to explain to you why the anti-virus solution they’re including or reselling is strong enough that they put their reputation on the line for it. Also, the right solution will have integrated full disk encryption implementation and monitoring. If you lose a laptop and it’s encrypted, it’s a non-event: call your IT guy and buy another laptop. If it’s unencrypted, it’s a breach: call your insurance company.
Tip: low-cost IT providers choose low-cost anti-virus software. This is NOT an area to treat cheaply, as the stakes have never been higher. You should also have a conversation about your IT provider’s cybersecurity insurance policy. It’s hard to qualify for this type of insurance in 2021, and uninsured providers are ticking time bombs of liability and risk.
Does your law firm need help creating a comprehensive strategy to protect against malicious actors and breaches? With extensive experience working with law firms in the Greater Phoenix Area, PK Tech can help your firm too. Contact us here.