Some dos and don’ts for data security

Data security is a hot topic at the moment.

With Edward Snowden’s release of information exposing the US and UK governments’ trawling of data from technology giants like Google, Apple and Microsoft, the internet-using public are questioning how and where they store their sensitive information.

But it’s not just the general public that are seeing question marks flashing before their eyes. For law firms who hold sensitive data about their clients, the issue takes on another level of significance.

Much has been debated about data security for law firms, but given that there are so many pitfalls, what practical advice can firms follow?

We’ve put together a few dos and don’ts that should point you in the right direction:

 

1. Do: Back up your data.

Always. If you’re not doing it already, do it now. And preferably not in the office. If there’s a fire, you can wave goodbye to the originals and the back-up.

But…

 

2. Don’t: Back up to Dropbox, Google Drive or Microsoft Cloud.

Their servers aren’t in the EEA, your data won’t be encrypted and given what we know about US government access to all of the above, you won’t be seen to be protecting against unauthorised or unlawful processing of personal data. If you use any of the above you’ll be in breach of data protection laws.

If you must use a public service to back up your data (and I’m not making any recommendation here), try your internet provider or an EEA-based Dropbox alternative like JottaCloud.

 

3. The same goes for email.

Using Gmail or Microsoft to email client information?

Don’t. For the same reasons as above.

What’s more, whenever you use email you are relinquishing control of data that can easily be read. You can set up an email account through your website or UK-based internet provider and encrypt any mail using software like Voltage or Data Motion.

 

4. Do: Use strong passwords.

Sounds obvious, doesn’t it? But you’d be surprised at the number of people who use 1234 or pa55w0rd (sorry if I’ve just given away your secret). Not good.

Make sure all of your devices are password-protected, and even better, all of your electronic files too.

 

5. Do: Encrypt.

When you store your data electronically, make sure that it’s encrypted.

Best is 256-bit encryption (which would take the Milky Way-2 supercomputer around 500,000 billion years to crack), which you can employ by using software like Folder Lock or SensiGuard.

 

6. Do: Use a cloud-based legal case management system (CMS).

Quelle surprise! The guy from the legal software company is advocating getting a legal case management system.

And I am. Because…

A modern, cloud-based legal CMS from a UK supplier should:

 

  • Back up your data in multiple private locations
  • Have UK-based servers
  • Encrypt all data with 256-bit encryption
  • Encrypt your emails, or allow encrypted data transfer
  • Password protect your data
  • Switch off access to data on lost or stolen devices

A good CMS will do all of the above (in addition to all of its other features and benefits).

Of course, I’d love you to take a look at PureCase, our product, but the serious point is that if you truly want to improve your data security and data protection compliance, it really is worth investigating and implementing the legal CMS that’s right for your firm. From whatever supplier is right for your firm.

 

FYI – Neither I nor PureIntuitive have any connection to the products or companies mentioned in this post and neither are we recommending their use – they simply appear as suggested starting points for any of your own research.

When making decisions on your IT infrastructure and data security, we always recommend doing your own in-depth research to find the best fit for your needs.
