The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
WWW.ILTANET.ORG 23 FOCUS ON SECURITY YEAR-ROUND name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Julia Montgomery company . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Traveling Coaches website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . www.travelingcoaches.com Make security a part of daily conversations rather than a once-a-year, obligatory lecture. Many of the workflows employees rely upon to perform their daily tasks present opportunities to talk about security. Demonstrate how smarter choices about even seemingly minor tasks can help protect the firm, our clients and our data. Security becomes a more integral part of employees' thought processes when we talk about it in the context of how they work. It's also important that these ongoing conversations address the personal aspects of information security — helping employees connect the dots between keeping their personal data safe and how those same choices and behaviors help protect our data. Good information security habits at home usually make their way to the office. Making security a part of our everyday conversations and workflows rather than a once-a- year conversation is the difference between culture change and compliance. When we make security an organic part of how we think and talk about our daily work, behavior changes. Checking a box that says we offer annual training won't minimize the chance of a breach — that requires employees who have security front-of-mind and make smarter, safer choices in the course of their daily work. GENERATE STRONG PASSWORDS name . . . . . . . . . . . . . . . . . . . . . . . . . . . Scott Randall company . . . . . . . . . . Advanced Legal Systems, Inc. website . . . . . . . . . . . . . . . www.advancedlegal.com Security is complicated, but robust passwords are the frontline defense. Too many users, and even IT staff, sacrifice data security by not building strong passwords; and it can be hard to blame them with so many different logins to remember from all parts of their digital life. Here are easy tips when creating a strong password: • Make sure it is at least 8 characters, 13 is even better. • Pick a word you will always remember, then substitute letters with numbers and "shift" characters like "$" for "s." • Add a random capital letter or two, and suddenly you have an easy to remember, hard to crack password. For example: "Victory2014" can be "V)ctOry2o!4" Pass these tips along to users to remind them that firm security is everyone's responsibility. LOOK INTERNALLY FOR SECURITY GAPS name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Matthew Ruggieri company . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . InOutsource website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . www.inoutsource.com Many of the hot security topics focus on threats from the outside. Without undermining the serious nature of these types of threats, I would challenge an organization to expend more resources looking internally for security gaps. Firms that have not adopted stringent policies and procedures for securing electronic repositories are at risk, either intentionally or unintentionally. Unsecured electronic repositories like network and local drives, personal email boxes, and "general" matter workspaces greatly elevate the risk of exposure to unauthorized users. By categorizing information in meaningful ways, according to client/matter and content type, organizations can apply consistent policies that appropriately limit the number of people with access. For some firms, this will mean a much less "open" collection of information. Defining the team supporting an engagement during new business intake and determining the applicability of outside regulations like HIPAA will allow firms to apply effective policy from the start of a matter's life cycle, while ensuring the proper access to those that need information.