Most of the law practice technology you touch will be visible to you: a PC, a smartphone, a printer. But all modern law firms are connected to the Internet and so you have network infrastructure that connects all of your devices to each other and to the Internet. You will have servers, whether internal or external, running your Web site or case practice management system or e-mail server. Someone should be keeping an eye on these devices to make sure they are protected.
One element of securing these devices involves keeping their software up to date. This is pretty obvious on a Windows server, for example. There are regular patches and updates, just like there are for your desktop PC. Your network devices, like routers and switches, will also have software to update, known as firmware. In some cases, you will not be able to update this firmware and will need to just replace the device.
Your Internet connection point, whether you are at home using a modem and router or at your office with a more complicated set of hardware, also needs to be monitored. Automated attacks are occurring around the clock and amount to poking at your Internet connection for holes. Most systems won’t respond unless there is something like a Web server that should respond to requests. Network hardware may include intrusion detection software, packet monitoring software, and other technical tools to track what is happening over your network connections. The devices can generate log files showing where information is being sent and where requests are going to or from.
Someone should be tasked with monitoring these log files, systems, and updates. You may do this yourself in a small office or hire someone to check on it periodically for you. The point really is that someone should be regularly watching to see what is happening within your law practice network. If they see something unusual, they should follow it up.
There are server monitoring tools that will email you when a site goes offline or a server part is failing. You can see this with the uptime (the amount of time a service is up) dashboards from cloud services like Google Apps, that show you which services are running and if any of them are offline. This can help you with systems like your law firm Web site. An email telling you the site is offline may get to you before your next visit gives you that insight.
Many of these network systems will have passwords to restrict access to the people who administer them. Where they do – routers often start with a username of admin and password of admin – you should change them to make sure they are not the default. Many of these will be Web-based and can be managed with your other passwords in your password manager. If you don’t change the default password, you can find your entire network hijacked.
It’s not just the network hardware that has logging capability, creating files that you can read that show information about what the network is transmitting and receiving. Your servers and PCs also can log this information, and you may consider logging things like access failures on your server to warn you if someone is testing usernames and passwords. Similarly, there are often audit functions to help you see which of your staff is accessing which resource.
One of the reasons you might consider using hosted or cloud systems is to reduce the number of devices to patch and monitor inside your law firm. As I noted at the beginning, you can’t shift all of the responsibility but you can certainly put your client and operational information on servers where someone else takes care of these issues as part of their service fee.
Related Reading and Resources
- Why You Have a Responsibility to Keep Your Hardware Secure and Malware Free
- The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins
- ABA Legal Technology Resource Center FYI on data backups