14 Dec Keeping Client Data Safe Using Cybersecurity – The LeXFactor Briefs
In this installment of The LeXFactor Briefs, our podcast hosts Lauren and Brad dive into an article from Law.com and the importance of having a solid cybersecurity plan in place at your law firm.
Law firms must have a solid answer for clients when it comes to cybersecurity, and in the modern client-attorney relationship, that is not always the case. If attorneys want to retain clients, the client must feel their information is being protected, so lawyers have to be capable of telling their clients exactly how their data is kept safe and secure. It is a misconception that a small head count at your law firm means you are safe from large data breaches – quite the contrary. The good news is that cybersecurity strategy is becoming more widespread, and lawyers are continuing to put more thought behind how they store client data.
Subscribe to The LeXFactor on your favorite podcast platform and if your law firm needs help with cybersecurity, learn what Lexicon’s IT team can do for you by visiting LexiconServices.com/Information-Technology.
LH: Hey, everybody. Welcome to another episode of the LexFactor Briefs. It’s your host Lauren.
BP: And Brad. I love the Briefs. I love the intro.
LH: Because they’re brief, and we get to go eat lunch afterwards?
BP: It is an incentive to get through the Brief. I can’t lie.
LH: I don’t think we ever told people how we record these right before lunch.
BP: Yes, we do.
LH: I wonder if Justin ever has to edit out like a grumbling stomach?
BP: I would count it because I know many a time, my stomach growls.
LH: Or if I get angry, that’s why, just blame it on the hunger.
So today’s article, we found, clients aren’t asking solos, small firms, about their cybersecurity, and that’s a problem.
BP: And I’m going to switch it up a little bit because obviously you first think about the clients, but the clients really aren’t listening to the podcast here. It’s more attorneys that are listening to the podcast. So we have to make sure that law firms have a solid answer to this question when clients do ask.
LH: That’s a great point.
BP: Because it is important. More and more people are concerned with cybersecurity. It’s not just attorneys or law firms that clients are asking, but it’s asking when you go to purchase your insurance, when you go to apply for credit cards, when you do any purchase online. They ask, what is your cyber plan? How is my information being secured? Is it safe? And we have to have attorneys capable of answering that question.
LH: It even comes down to signing up for emails these days. Like there’s so much fine print, you have to read and you’re like, “Who are you going to sell my information to?” And I think one thing before we dive in, just a reminder that the legal industry is one of the most sought after industries for hackers or cyber criminals to target. … Because of the type of information you have on your clients – it could even be social security, numbers, maiden names, pictures – the legal industry is constantly targeted, you a lot more than other industries. This has got to be top of mind for you.
BP: So ask yourself first, if you were asked by a client, “What are your cybersecurity practices? How is my information being kept safe? How sure are you that it’s safe?” How are you going to answer.
LH: That that is a hard one. I can honestly say a lot of people probably have no clue.
BP: And that’s why a cybersecurity platform, an answer, a response, a policy has to be drafted and has to be ready for you to be able to answer that question or partner with a company that can do that for you.
LH: So let’s role play. I’m going to flip it back and ask you the same question and you’re going to give our listeners ideas of how they can answer. Obviously, you said work with a partner, put together some sort of guide. Yes, you definitely do need to do that, but what are some quick tips? So Brad, I’m a client of yours. What type of cybersecurity protocols do you have in place at this firm?
BP: I feel like we’re in counseling. What I hear you saying is that you want me to be secure.
LH: Are you listening? You hear me, but do you listen?
BP: Yes. I think some of the things that people should say are, “Yes, your information is secure because we have the following practices in place. We protect the information through encryption. We protect the information through our employees are all set up for multi-factor authentication. We make sure that none of the information leaves this specific area. The information is backed up. We’re protected for ransomware via these methods — X, Y, and Z.” And the X, Y, and Z could just be the precautions that you’re putting in place that can stop those things from occurring. And there’s actually several articles that we have posted just recently that cover things that you can do to protect that. So check those out as well.
LH: And I think too, if you guys are using any sort of software at your company, at your firm, whether it’s practice management software or something else, you probably have a rep at that company and you can ask them. Because like I said before, if you’re using practice management software obviously everything about that client and that case is in that software platform. So all you have to do is reach out to your provider and ask them, “Hey, how do you protect this data?” Or honestly, it’s probably on their website, you could just search for it and have those answers right then and there. I think the other thing you could keep in mind, like here in the office, we have door codes. It comes down to physical security too. Like how easily do you let other people in your offices? Because in all honesty, there’s probably a good chance that you may have some paper files laying around as well. So like here, we have door codes.
BP: Are your systems password protected? I mean, is it wide open?
LH: Is your password 1-2-3-4-5-6? Do you have unique passwords? What are some good password tips? I know you guys sent out a comms. internally a couple of months ago with password ideas.
BP: So my favorite is always phrases. People don’t think about phrases. They think about words when they do passwords. Don’t. Think about phrases. Think about things that are unique, that others wouldn’t guess off the top of their head.
LH: “Take my dog for a walk,” but the “A” could be like an ampersand.
BP: It’s important to do phrases — just random. You know, there are a lot of password systems out there that can randomly generate a password for you and you can keep it in password collection systems. Microsoft produces ones. There are several out there. So just phrases, randomness, those things are what’s key. You don’t want something very simple, 1-2-3, the year, the name of your kids, things that people can actually pick up just by searching your name or information out there on your social media.