In 2015, law firms are more connected and efficient than ever before, thanks to mobile devices and programs that automate tedious tasks. Unfortunately, this also means that client data is vulnerable to theft in new and unfamiliar ways. Law firms have had to ward off cyber-attackers ever since desktop computers became a standard component of the workplace, but now they must face new types of attacks on mobile devices like phones and tablets. The adoption of new technologies is bound to continue in 2015, and new cybersecurity challenges will come with it. Here are some security concerns law firms should be aware of, along with tips to protect firms and their clients.
Mobile devices and BYOD vs. COPE
When attorneys are frequently on the go and need to connect with organizations around the globe, mobile devices fit for work become a necessity. The Bring-Your-Own-Device (BYOD) mobile policy has become popular with users because they can continue using a device that is already familiar and personalized. However, BYOD presents considerable security risks: IT has no control over the encryption of sensitive company data or what will happen in the event that the device is lost or stolen. An attorney may send company data through unencrypted apps or personal email. With BYOD, a law firm sacrifices control over what employees do with its data.
A Corporate-Owned, Personally-Enabled (COPE) mobile device policy is a more secure option that does not significantly sacrifice usability. With COPE, a law firm’s IT team retains more control over the security of company data, including the ability to encrypt data, install security updates, and wipe the device in the event that it is lost or stolen. IT can ensure that all users have compatible devices and apps, preventing the productivity loss that comes from supporting a mix of incompatible personal devices. While apparent cost reduction is a major selling point of BYOD, the high risk of an expensive data breach due to its security issues makes COPE the more cost-effective option.
Whatever your law firm’s mobile philosophy, the most important aspect is to have a documented mobile security policy in place.
Cloud storage and data sharing
More and more attorneys are turning to the cloud as a convenient way to access and exchange documents, with nearly a third of attorneys using the cloud for work in 2013, according to the ABA’s 2014 Legal Technology Survey Report. As efficient as the cloud may be, major cloud providers, like Dropbox, have been notorious for security issues, and Google’s Terms of Service, which applies to their cloud service Google Drive, gives them sweeping power to parse and even reproduce your data.
The convenience of the cloud comes at a significant security cost. A cloudless, interoffice filesystem, like OpenAFS, is a more secure option. This doesn’t mean attorneys can’t check in from on the go: a virtual private network (VPN) will allow remote employees to access internal files. If your law firm relies on the cloud to do business, it’s critical to thoroughly vet potential cloud service providers. Ask how often they conduct security assessments by a third party, and ask to see the results or at least a letter of attestation summarizing the findings. Hold your cloud service provider to a high standard: their level of security becomes your level of security.
Digital evidence in court
As the majority of communication now takes place through electronic channels, digital evidence is often critical to developing a case. A major challenge posed by digital evidence is proving its authenticity, as digital evidence may be fabricated or corrupted. To address this challenge, it is critical to develop a digital forensics case strategy and to work with forensic experts to ensure that evidence is collected and analyzed in a way that will make it admissible in court. Despite admissibility challenges, it is critical to embrace digital evidence as a strategy with the potential to win your case.