Lawyers have lots of sensitive—for many different reasons—information about our clients. And while we talk a lot about computer security, many law firms have offline security issues to address, too. While digital files can be encrypted, backed up, and password-protected, your hard copies are probably sitting in a file cabinet—or piled up around your desk—with little or nothing to limit access.

That’s no good. Take a break from thinking about computer security and spend some time on offline security.

First, identify everyone who has access to your files. For many people, this includes cleaning staff, building maintenance, and family members. It could include other coffee shop patrons, and even strangers off the street, if you have a storefront office.

Next, identify what you are doing to control access by those who are not authorized. Do you lock your office door at night, so that you can leave files lying around? When you work from a coffee shop, how do you shield your work from curious eyes? Does your file cabinet have a lock? That you use? Who has the key?

Okay, now decide what more could you can do to protect the documents you have. You might just need to start locking up your files every night, but there may be some documents you cannot protect, or some people you cannot protect your documents from. For these, you must resort to policies and agreements.

Employees should be trained on file security. If they are permitted to take files home, discuss appropriate precautions—like locking the files in the trunk when they stop for happy hour, or keeping them in a home office, not on the dining room table. For anything else, consider requiring confidentiality agreements from cleaning and building maintenance staff who can access your files.

Don’t forget about offline file security in the midst of all the talk about computer security.


  1. Avatar Randall Ryder says:

    If you share a computer at home, but access work files from it, be sure to create separate logins for individuals.

  2. Avatar Julie K says:

    We have confidentiality agreements with employees too. And since going paperless, we have added policies regarding accessing digital files or browser based data. We limit access by requiring access from firm devices (atty) or onsite only (admn), so they are not accessing from home with an insecure PC while we have Macs, security and encryption on our equipment.

    Our few paper files are in expandable folders with initials of clients clearly visible for quick locating, but not easily viewed if someone walks in while we are working on a file.

    I think the paperless office really helps control where documents are but there are still many things to consider. It can be easy to burn a DVD with firm info you do not want outside the office. For this, policies and procedures are the best precaution.

Leave a Reply