The “Must Haves” of Data Security to Prevent Identity Theft and Security Breaches

30
Nov
2009

Christy Burke

In days of yore when the documents were all paper, you could simply lock your client folders in a file cabinet drawer, turn the key, and feel reasonably confident that no one could infiltrate that crack security regimen.  Well, now that electronic and wireless communication dominates, and paper is usually mainly an output of files that originated digitally, data flies all over the place, flowing through cables and wires, and invisibly cruising through the air.  If you can’t see it, how can you protect it?  That’s a good question!

Law firms of every size, and all the employees that work for them including lawyers, legal assistants and administrative staff, are all vulnerable to data security breaches and identity theft.  Certainly, such incidents harm the individual, often in a major way, but also they can have a direct, negative impact on the firm. 

In addition to working in the office, these professionals conduct firm business from cell phones and wireless handheld devices, business centers and internet kiosks, WiFi connections in coffee shops, hotels and airports, and from the comfort of their own homes.  Imagine that if data can get out of your device or computer, there’s an opening where someone else can get in and steal data from you – and from the firm.  Closing up these openings, large or small, is an absolute “must” for the security of you and your firm. 

Keith Jones, a Partner at Jones Dykstra & Associates (www.jonesdykstra.com), is a data security expert who has served as an expert witness on major white collar criminal cases such as US v. Duronio. 

Jones recommends that law firms, regardless of their size and practice area, strongly consider implementing the following “must haves”:

1. Dedicated Firewalls – These are a “must” for any office connected to the internet.
2. Reputable Virus Software on Every Desktop – Make sure every user’s desktop has a strong, proven virus software package installed, and also install an e-mail specific package on the e-mail server.
3. Update Wireless Routers and Maximize Encryption – Check that all wireless routers are up-to-date and have the strongest encryption enabled so someone cannot connect to your wireless network from your parking lot or the next Starbucks table over. 
4. Full Hard Disk Encryption – Protect the data on your hard disks by encryption, in case one of them is lost or stolen.

Great tips, Keith – I’d like to add one of my own.

• Secure Data Destruction - Properly destroy your hard drives, PDAs and backup tapes when you no longer need them.  Companies like Back Thru the Future and others shred and melt hard drives so the data is fully unrecoverable.  Don’t have backup tapes lying around in your office, perhaps in a closet in a dusty brown cardboard box (does this sound familiar?)  Just think of the thousands of documents and sensitive data bytes that reside on those tapes – and if you were to get subpoenaed or sued, those all might be discoverable and that would be very costly and unfortunate for you, too.

With all the dangers of data security breaches and identity theft threatening us where we live, work and travel, maybe you’re afraid to turn on your computer at all.  However, by taking the precautions mentioned above, you will be in a much better position to ward off digital hazards so you can e-mail, File/Open and File/Save in relative peace.