FIRE DRILL! How secure are your files?

by Sam Glover on May 21, 2008

Imagine any of the following scenarios:

  • You returned to your office this morning to find it had burned to the ground overnight. You cannot salvage anything but a few crispy bits of your pencil sharpener.
  • Someone swiped your laptop on the train this morning while you were on your way to work. Nobody seems to have seen the person who did it.
  • While working on a brief, you are just putting on the finishing touches when your computer’s hard drive stutters a few times, then dies completely.
  • Last night, someone broke into your office and, realizing your clients’ personal information would sell for far more than your computer hardware, rifled through your files, making off with your client information sheets.

Now, ask yourself a few questions.

  • Will you ever be able to recover your physical data? Unless it was protected in a fire-proof safe, few attorneys keep spare client files.
  • How long will it take to recover your electronic data, and what will you have lost? In other words, how solid is your backup system, and do you have off-site backup?
  • How much will it cost to purchase credit-monitoring for all of your past and present clients? If your laptop is stolen and your data is not encrypted, or a thief makes off with part of your paper files it seems only fair.
  • How will you (a) prevent, or (b) mitigate the effects of each of these scenarios?

Physical security

First and foremost, how secure are your files physically. Is your office locked? Who has the key? Does your three-year-old have access to your work computer? Is your backup on site?

If you keep paper files, does the filing cabinet lock? Is it fireproof? If not, how would you recover from a fire or building collapse? Sure, these are rare occurrences, but they are also catastrophic—and the damage to your files, at least, is preventable.

As for electronic data, if your backup is on site (say, on an external hard drive in the office), you will likely lose it at the same time you lose your computer(s).

Consider your passwords, as well. Do you have them on all your computers? Are they good, long, passwords with some numbers and punctuation mixed in?

Redundancy

How often do you backup your electronic data? Weekly? Daily? Hourly? Are you comfortable recreating a week of work? Where is your backed-up data? Backup can be just for catastrophic losses like a fire or hurricane, in which case you want your data backed up off site and in another state.

Or, backup can be like a really powerful “undo” button, allowing you to dip into an hour-old backup and get part of your brief back, at least.

I am not suggesting anyone should make doubles of their paper file; rather, that all attorneys should consider the benefits of a paperless law office.

Encryption

Every week, it seems, we hear of another laptop lost with hundreds or thousands of individuals’ personal information on it. The worst part is that this is so easily prevented. All operating systems come with at least basic encryption.

The same goes for flash USB drives (or “thumb drives,” if you prefer). Even more-easily lost, these are a potential gold mine for identity thieves.

And what about old hardware? Do you nuke your data before disposing or selling old equipment, or do you pass it on for anyone to discover?

Recommendations

This article is meant to get you thinking about your own office security. As an attorney, you have an enormous amount of valuable and sensitive information to care for. While most ethics rules require attorneys to use “reasonable care” to protect that information, I think we owe our clients a bit more.

So think about security. Here are a few things I would recommend:

  • Obviously, make sure your office has a lock on the door and that you know who has copies of the key(s).
  • Use good passwords. Not your kid’s birthday or your mother’s maiden name. Good passwords contain letters, numbers, and symbols. Heck, just pick a sentence you like and use that.
  • Go paperless so that you can backup all your client files.
  • Backup your data at least daily to two places, one of which is off-site (even if that is just a second external hard drive you take home every night). Even better, back it up hourly using something like Time Machine in OS X or Flyback in Linux (Windows is behind the curve in backup options, I am afraid).
  • Encrypt at least the files on your portable drives and computers (this includes that external backup drive if you take it home with you. There are a lot of easy options built in to all the major operating systems.
  • Finally, brag about it. Tell your clients how well you will protect their information so that they feel at ease.

An ounce of prevention . . .

FREE Lawyerist Insider Newsletter
Receive free advice on marketing, practice management, legal technology, and careers with our email newsletter, the Lawyerist Insider.
Name: 
Email: 
 

Sam Glover is a business and consumer rights lawyer and the creator of Lawyerist.

Tagged as: , , , , , , , , , ,

Leave a Comment

When you post a comment on this blog, you grant us the right to modify or delete your comment, but we have no duty to do so.

 Subscribe to the FREE Lawyerist Insider Newsletter 

Previous post:

Next post: