While law firms have made significant progress in closing data security gaps, they’re still far from perfect. Take a look at some of these common mistakes many make:
1) Not Knowing Where Your Cloud Computing Services Provider Stores Your Data:
Every cloud company stores data in multiple physical locations in or outside of the United States. The Senate recently voted against NSA reform. This means our government can access your data regardless of its storage location. It’s wise to work with cloud providers who guarantee where your data gets stored, and also ones who know regulation for all the various jurisdictions.
2. Not Knowing the Level of Encryption for Stored Data:
The current standard is FIPS 140-2. The US government sets that standard. Any standard with less data security than that isn’t enough to keep you safe.
3. Not Patching Key Applications:
Apache servers, Adobe Acrobat Reader, Adobe Flash, and Java are rarely patched. They’re also the most successfully exploited applications by hackers. This happens even when you have a good IT team in place sometimes. What happens is the administrator buys a patching program, has someone install it, and then they cross it off the list. The truth is that your security is better than before. But many times, these patching applications don’t do a perfect job…and still leave you vulnerable. It gets forgotten until something bad happens.
4. Not Understanding What Apps are Running:
To really have a grip on this, your law firm needs to know every app that runs on every PC in your law firm’s network. What happens in reality is that new computers come loaded with programs…many that you don’t even need or ever even run. On top of that, users install dozens more sometimes. Many of these programs have vulnerabilities intentionally designed in by their vendors. You can guess what can happen from there.
5. Not Having an Understanding of Normal Activity:
Few hackers have the skills to access your network without causing a noticeable disturbance. However, many law firms have no baseline of what is normal. So when something abnormal happens, it’s impossible to notice. Verizon notes in one of its reports that almost every successful hack last year would have been detected and acted on if good baselines were in place.
Bad Things Don’t Have to Happen to Your Law Firm! Almost every hack is 100% preventable. That’s why managed IT services for law firms are so important..