Your law practice technology is like a garden. While most of the systems you use are for the long term, like perennial flowers, you still need to tend to the garden. You should apply patches and updates as they come and, in particular, you should periodically review your online accounts to make sure they’re still configured, and secure, as you remember.
What is in my account?
You may be storing sensitive information (credit card numbers, birth dates, other confidential information, etc.) as well as less consequential data (e-mail address, your “business card” information). Store only the information you need on any given site.
For example, if you have an old or secondary e-mail account online, consider deleting all of the contacts or stored e-mail in favor of moving them to your primary account. That way, if your secondary account is compromised – and you may not realize if you aren’t using it – there is less information at risk. Even better, close accounts you aren’t using.
Segment your personal and professional information
Wherever possible, try to keep your personal information and practice information separate. Some devices provide a way – like Samsung’s MyKnox – to segment personal and professional information on the same device. MyKnox password-protects and encrypts your business data while leaving things like Angry Birds and your personal apps, things that your kids might play with, unprotected. On your laptop or desktop it can be easier to keep information separated and secured without a specific application. The simplest way is to create a second user account just for your law practice. But personal Web browsing can sometimes lead to viruses or malware being installed, and that can lead to inadvertent exposure of your confidential information if it’s not encrypted.
Don’t disable passwords
It is sometimes possible to disable passwords or avoid having to have one for a site, service or device. Smartphones are the most obvious example. It can be a hassle to put in a password or PIN each time you need to access information, and that inconvenience makes it tempting to disable the password. But a smartphone is a small, easy-to-lose device that needs a password more than other devices.
When you disable passwords, you are balancing your need for speedy access to information with the risk of inadvertent exposure of your clients’ confidential and private information. If your phone or laptop isn’t carrying anything confidential, there may be no need to secure it. You will need to make the assessment based on how you use your technology.
Don’t stress about being attacked
Okay. Sometimes they really are out to get you. In most cases, though, your biggest challenge is to secure your information enough so that you don’t inadvertently expose it. It is more likely that you or your staff will accidentally disclose confidential information than it is that a cracker will try to attack your systems.
These attacks tend to be automated probes looking for weaknesses. If your Internet connection, laptop, or smartphone responds to one of these probes because it’s improperly secured, that’s when you become interesting to the person on the other end of the probe. You can act by looking for places where your information is susceptible and making them inaccessible and unresponsive to these probes. When you remove the opportunity, the potential intruder will move on as other sites respond.
Review which apps are authorized to access your accounts
Lawyers use apps on their smartphones and tablets and on the Web. These apps play the role of utilities, often accessing one of our primary online accounts – e-mail, news, and so on – and helping us to manage it. In some cases, these are ones we use regularly: our bank account connection to our online accounting software, for example. But we may authorize an application to access our account and forget that it’s there.
Review which apps are connected to your accounts and make sure that apps that you have discarded can no longer access your files. Google’s Security Review is a good example of how sites are starting to make this a more regular part of account maintenance.
You may not have very much content that is accessed using an app, so just keep note of which sites you use and return to them every few months to review what’s authorized. Schedule a recurring appointment in your calendar to visit the site and use it as a prompt for doing your review.