How to evaluate the security of a new piece of software or hardware for your law firm

In today’s digital world, no law firm can afford to be left behind in the implementation of new technology. But when your firm introduces new software or hardware, you also need to consider its security.

Legal professionals deal with sensitive and highly valuable information, so it’s critical to remain vigilant against potential security breaches.

When your law firm is considering implementing new software or hardware, what should you know about security? How can you evaluate a new tool to ensure it is safe to use?

We explore these questions below.

Evaluating software

Cybersecurity should be a primary concern for a law firm implementing new software. Law firms and other professional service firms are top targets for ransomware attacks, where malicious software (malware) blocks access to a system until a ransom is paid.

In fact, professional service firms are targeted more than twice as often as the next biggest target, the healthcare industry.

Accordingly, law firms should consider the following security issues with any new software.

Does the vendor prioritize security?

First consider the software vendor and how much they prioritize security.

The vendor must have security controls in place to protect the law firm users, the clients, client data, and law firm data. Look for software vendors that take pride in their security features and certifications — you’ll know because they list these as selling points.

For cloud-based software, determine whether the vendor has a dedicated security team.

That team should be constantly monitoring potential cyber threats and conducting regular audits of the platform. The presence of a security team is a strong indication the vendor takes cybersecurity seriously.

Review the vendor’s service level agreement

If your firm is engaging a new cloud-based software provider, make careful note of the service level agreement (SLA).

The SLA will set forth the minimum level of service the vendor will provide to the firm.

The vendor should guarantee a certain percentage of “uptime” where the system will be accessible to all authorized users at the firm. Ideally, this is a 100% uptime SLA, where the system is guaranteed to be accessible at all times.

If a vendor’s SLA doesn’t guarantee that uptime, it could indicate that the vendor doesn’t have enough redundancy (backups) or isn’t totally confident it can fend off cyber attacks. Talk to your salesperson about the reasons and the risks involved.

Evaluate the security settings

You should also take steps to evaluate the software’s security settings.

This involves determining what is possible with the software’s security system. For example, is there password protection for certain actions on the platform? Does the system use two-factor authentication, where two layers of protection are required (a one-time passcode sent to the user via text or email is common)?

Do not wait until the software is in place to review these essentials. There should be plenty of security built in before you install anything on your systems.

Special security considerations for legal tech

Your firm should also keep in mind some special security considerations for legal tech tools.

Preferably, software should have password settings that allow the administrator to require sufficiently strong passwords.

Data on the platform should also be encrypted, which means that it will be indecipherable if it is lost or stolen. The encryption should be in place both (1) when the data is electronically transmitted inside or outside the firm and (2) when the data is stored on hard drives or any individual devices.

Evaluating hardware

Legal professionals also need to maintain their hardware security.

Desktop computers, laptops, servers, networking devices, and more can all be weak spots in a firm’s security. Keep everything up to date and replace anything that isn’t performing exactly as expected.

However, some particularly difficult security problems are presented by the smart office — the modern-day office that uses connected technology to enable office workers to be more productive and efficient.

Smart voice assistant devices

Smart voice assistant (SVA) devices, such as Google Home and Amazon Echo, pose several unique security challenges in a law office.

An unauthorized user could potentially hack into the system and listen to conversations. The data recorded and stored by the company — whether it is Google, Amazon, or another entity — could also fall into the wrong hands through cyber theft.

Law firms are necessarily dealing with confidential and attorney-client privileged information on a regular basis.

Accordingly, it may be advisable to either

  1. not use these devices in conference rooms where legal professionals regularly meet, or
  2. turn off the listening functions.

Other smart office technology

Beyond SVAs, other forms of smart office technology can be deployed in law firms in various ways.

This technology can control physical access to the office, control lighting and HVAC systems, and manage office supplies. All of this technology should be subjected to the same rigorous security review as any new software, including the points listed above.

Law firms will have to implement new technological tools to remain efficient and productive. Using some of the tips here, you can also ensure that your security is not compromised in the process.
