How Oklahoma Law Firms Protect Client Data

Oklahoma law firms handle highly sensitive information on a daily basis. Examples include:

  • Intellectual property details
  • Confidential trade secrets
  • Client personal and privileged information
  • Case-related financial and medical information

Recently publicized data breaches emphasize the critical importance of reliable and effective data security. In February 2014, Washington, DC-based McKenna Long & Aldridge was compromised when hackers accessed a server belonging to one of its vendors. Information stored on the server included the names, addresses, Social Security numbers, birthdates, and other identifying details of current and former employees.

As a result of potentially catastrophic breaches like this, updated ethics standards require Oklahoma lawyers to take reasonable steps to ensure that client data remains safe. The methods and practices outlined below are all examples of the ways that law firms throughout the state are making confidential client information as hacker-proof as possible.

Require Two-Factor Authentication

Two-factor authentication provides an extra layer of security for privileged administrator accounts. It requires an admin’s identity to be verified via their mobile device before access is granted, frustrating the attempts of most cyber-criminals.

Other recommended authentication controls include:

  • Blocking users who log in from countries where the firm does not conduct business
  • Blocking login attempts that originate from anonymous networks

Implement Real-Time Security Defenses

Criminals often use targeted emails to break into protected networks, a ruse known as ‘spear phishing.’ To deter attacks, law firms have set up security gateways that provide real-time protection from malware, network vulnerabilities, and other cyber-based threats.

Upgrade Database Security Controls

Information databases are the Holy Grail where hackers are concerned. Oklahoma law firms have upgraded security controls to limit access to their databases, encrypt stored files, and instantly patch any detected vulnerabilities.

Establish an Employee Awareness Program

Criminals have been known to use socially engineered emails and similar ruses to deceive their targets into downloading attachments or supplying information via a pseudo-form. Therefore, law firms are educating their staff to recognize fraudulent communications and websites, refrain from putting confidential data onto easily lost portable items such as jump drives, and confine all confidential communications to within the company firewall.

Hire a Specialist Security Services Provider

Cyber-criminals are evolving, just like the Internet, and many law firms operate under budgetary constraints that prevent them from having a dedicated security specialist in-house. A security services provider can deliver contract-based assistance that is less expensive but no less effective.

Bottom Line

ABA Model Rule 1.6(c) states that lawyers must make “reasonable efforts” to prevent client information from being compromised. It is a constant challenge, given the fact that lawyers are not IT specialists, but employee awareness and strong security controls will put them in an excellent position to withstand most dangers.

 
