10 Cloud Security Best Practices For Attorneys and Law Firms

If you’ve been overwhelmed and frustrated by having to maintain an in-house IT solution for your law firm, you might have considered using a cloud computing platform specifically for case management.

There are many benefits to moving your files and data to the cloud, such as lower cost, increased productivity, scalability and higher client satisfaction.

Understandably, law firms are concerned about the IT security of these cloud-computing solutions.

After all, it’s not only your own data but also the sensitive information your clients have entrusted to you that’s on the line.

The reality is, maintaining a secure on-premise IT solution is becoming increasingly difficult and costly. In fact, 64% of IT professionals at medium and large enterprises say that a cloud system is more secure than a legacy system.

However, moving to the cloud doesn’t mean that you’re off the hook. The files and data you store in the cloud are only as secure as the measures taken by your provider to protect them and your ability to adhere to security protocols.

In this article, you’ll learn 10 cloud security best practices that you need to ask your provider about or implement as a user:

1. Multi-Factor Authentication

Using a username and password alone as login credentials is no longer enough to ensure that only authorized personnel gain access.

You should be able to set up additional authentication method(s) to supplement the username/password pair, such as a physical token, a password card, a digital certificate, biometrics or an SMS password.

2. Access Management Policy

Your cloud-computing service platform should allow you to set access rights for each individual user such that employees, contractors or clients can only access information relevant to their roles.

It’s also important to keep track of access granted on a temporary basis and remove users when their relationships with your firm end.

3. Log Management

Logs are not only for compliance. They also help monitor suspicious activities and aid in forensic investigations in case there’s a breach.

Your cloud service provider should keep track of every user that logs into the system and views any document, and be able to provide you with such information upon your request.

4. Data Backup and Recovery

A top-tier cloud service provider should have a comprehensive backup and recovery plan with multiple redundancies built in to ensure that your data is secure whether there’s a cyber attack or physical disaster – covering scenarios for either loss of location (e.g. physical disaster) or loss of Internet connectivity.

A well-designed recovery plan allows you to get up and running again with minimum downtime, which could be critical when you’re working with time-sensitive materials.

Make sure you review the recovery plan with your provider so you know exactly what to do when there’s an emergency.

5. Vulnerability Analysis and Ethical Hacking

Your cloud service provider should routinely have vulnerability analyses carried out by a credible third party to ensure the security of the system.

These analyses help the provider stay on top of their security measures and ahead of malicious hackers.

6. Compliance To Security Standards

Security standards for cloud computing are fast evolving. Besides making sure your provider is adhering to industry standards (e.g. ISO 27001), you should also do your due diligence by making sure your platform is compliant with the standards required for your business and area of practice (e.g. HIPAA).

7. Procedure In Case Of DDoS Attack

A DDoS (Distributed Denial-Of-Service) attack could bring down a cloud service and anything connected to it as hackers flood the system with data to prevent users from accessing the website.

Make sure your provider shares with you any pertinent procedures so you won’t be caught off guard without access to your data.

8. Data Encryption

Your data should be encrypted during transfer and storage to ensure that it’s protected from prying hackers.

9. Browser Security

Your employees will likely be accessing the cloud through their web browsers. Make sure the browsers on all the computers are properly updated to avoid browser exploits.

10. Employee Training

Your security measures are only as good as how well all your employees are adhering to the protocol.

Work with your cloud service provider to set up employee training to help your staff understand and apply the new security procedures. You also want to make sure that this training becomes part of your new employee on-boarding process.

Be a Smart Cloud User

Cloud security is fast evolving to keep up with the ever-changing technological landscape.

To safeguard your files and your clients’ data, make sure you understand your providers’ security model and stay vigilant.

Stay informed by educating yourself so you can ask pertinent questions when choosing a cloud provider to protect your information.

Here at Litify, we’re committed to providing a secure cloud-computing environment for our customers and helping them streamline workflow, increase conversion rate and, of course, beef up IT security. Find out how Litify makes it easy for you.

IT Security For Law Firms — Cloud-Based Solution vs. On-Premise Solution

IT security has been a hot topic in recent years. After a few high-profile data breaches, the public is now very aware and wary of the risks and challenges facing IT security.

In the past, small law firms — or any small company or business — could rely on their inconspicuousness to protect them against malicious hackers. After all, whether a hacker was looking for fame or fortune, breaching a large corporation would offer a much better payout.

However, it’s no longer the case.

In March 2017, a company called Oil and Gas International filed a bug report with the Firefox browser maker Mozilla claiming that Firefox was wrongly warning users that its website was insecure.

The company claimed, “We have our own security system, and it has never been breached in more than 15 years.”

Shortly after the report was filed, hackers who breached their system deleted their entire database.

The 15 years of security was an illusion — one that caused the company to let down their guard, become lax in their IT security, and ultimately cost them dearly.

It’s no longer safe to rely on security through obscurity. Your company is exposed to potential breaches every single minute in this age of IoT (Internet of Things).

Think about all the devices (including routers, cable boxes, game consoles, refrigerators, cameras, TVs, and home security systems) that are now connected to the Internet. Hackers can easily find a vulnerability in a device or software to breach a system.

Not to mention, the “bring your own device” trend that’s becoming very common in many workplaces means any personal device connected to your system can potentially be breached, giving hackers a way to get their hands on your confidential data.

In 2016, ransomware attacks grew at a blistering pace. In total, SonicWall reported 638 million cases.

Meanwhile, the advent of cryptocurrencies like Bitcoin allows for anonymity that has made it easier than ever for a hacker to extract a ransom from compromised victims.

Instead of targeting large corporations that have much tighter security, more and more hackers are attacking smaller businesses because they can breach those systems much faster and easier.

Small or mid-sized businesses can no longer ignore IT security and hide behind obscurity. You have to make sure that your information and data are safe.

For law firms, it’s not only your own data that is on the line.

Your clients trust you with their confidential information, and a data breach will not only cost you financially but also your reputation and your clients’ trust and relationships.

The question is — what’s the most secure way to host your applications, files, and data?

There are two options: hosted or on-premise (known as “on-prem” in the tech industry).

The prevailing assumption in the legal industry seems to regard on-premise solutions as more secure. Unfortunately, this idea is a relic from the early years of the Internet and is now dangerously inaccurate.

On-prem solutions come with a very high cost of ownership.

Not only does your organization have to implement the technical solution, but it also becomes responsible for maintaining proper security, which often takes a tremendous amount of knowledge, effort, and money.

Your IT team needs to keep every piece of hardware and software up to date, ensure security settings are correctly applied and audited regularly, and have a backup system in case of a failure or attack.

Data loss can be devastating to businesses — did you know that 60% of companies that lose their data shut down within 6 months of the disaster?

It’s critical that you have a system in place to back up your system and all the changes in real time. The backup should be stored in a remote location and set up for quick and easy recovery to minimize downtime.

If all the IT logistics are making your head spin and leaving you wondering how you can have the personnel and resources to ensure security — here’s the good news:

Most companies are now moving to cloud-based, or hosted, solutions.

Top-tier hosted solutions are much safer than on-prem solutions because they make providing customers with a secure IT environment their business.

They have entire teams of experts dedicated to ensuring that their system is up-to-the-minute. Many of them take the initiative to incentivize security researchers to report vulnerabilities before hackers find and exploit them.

If you’re still hosting your IT system on premise, it’s time to evaluate how well protected your data is, and if it’s time to switch to a hosted solution.

Contact Litify to Learn More About Our Secure Cloud-Based Case Management Solution

Litify understands the importance of attorney-client confidentiality to your firm’s success, which is why we use security tools that exceed all industry requirements.

To learn more about cloud computing solutions and how we can protect the privacy of your data, please contact us for a free demo.

Email Security: How Law Firms and Attorneys Can Protect Sensitive Client Information

Email hacking has become quite a hot topic lately, and the American Bar Association (ABA) recently responded by releasing a publication on “Securing Communication of Protected Client Information.”

In row 138, the document stated that it’s “not always reasonable to rely on the use of unencrypted email.”

In row 202, the publication devoted a section to determining “how electronic communications about client matters should be protected.”

In row 212, the document indicated that “Alternatively, lawyers can consider the use of a well-vetted and secure third-party cloud-based file storage system to exchange documents normally attached to emails.”

So what does all this mean for your law firm?

As a law practice, your clients are entrusting you with their private and confidential information. It’s your responsibility to ensure the safety of such information both during transit and in storage.

A security breach will not only have legal and financial ramifications but also impact the trust and relationships you’ve built with your clients.

As such, it’s critical that law firms and attorneys take precautions to ensure the security of all client information.

With the advent of the digital age, an increasing amount of confidential information is being shared and communicated electronically.

Many attorneys are sending files with sensitive information via email. Even though this helps expedite many procedures, the often insecure transfer of data also opens up opportunities for malicious hackers to profit from exploiting such private information.

Emailing Confidential Client Information Exposes Your Practice To Cyber Criminals

60% of companies in this study said they’ve experienced more than one data breach in the span of two years’ time.

No email platform is fully protected from security breaches. Email communications involve a large number of moving parts and offer too many “entry points” for hackers to exploit, many of which are not under your control no matter how diligent you are.

For example, if someone you trust got hacked, they could unknowingly send you malicious files or links that could give hackers access to your system. The same goes for your employees and clients.

In Q3 2016, 18 million new malware samples were captured.

All it takes is for one piece of malicious code to sneak into one of your employees’ inboxes to put your entire company’s data and your clients’ private information at risk.

Not to mention, when a breach happens and an email account gets hacked, not only are the documents you’re currently working on at risk, but every single document you’ve ever emailed could also get compromised!

Creating a secure IT environment for information transfer using emails with an on-premise server is costly and very challenging.

Even if you manage to set up a secure server environment, you have to ensure that all your employees are following the security protocols at all times.

With the increasingly popular “bring your own device” trend in the workplace, implementing endpoint security can be a huge undertaking if you were to do it on your own.

Not to mention, no matter how secure your IT environment is, you don’t have control over that of your clients. It takes only one client to make one mistake to create a domino effect of irreparable damage.

A More Secure Way For Document Transfer and Collaboration

In response to the insecure nature of email communication, the ABA recommends that lawyers “consider the use of a well-vetted and secure third-party cloud-based file storage system to exchange documents normally attached to emails.”

What does that mean, and what can you do?

To prevent important data from being hacked via emails or stolen from hardware, more and more companies are relying on cloud services — Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) — to handle sensitive information.

In 2016, more than 94% of companies used SaaS vendors to provide secure environments for keeping their data and information safe when transferring and sharing documents.

Using cloud-based platforms to handle file transfer both internally and with clients is the best way to ensure that your information is secure from the prying eyes of malicious hackers, and here’s why:

  • Your information is protected by endpoint security protocols, such as multi-factor authentication, to ensure that only authorized clients and personnel can access the designated files and data.
  • You can rest assured that your data is safeguarded in a secure environment by a professional team of IT experts, 24/7/365.
  • Even if hackers manage to breach your email system, they won’t be able to obtain your sensitive client information because these files aren’t stored on your email server.
  • You don’t have to worry about upgrading your hardware or software to comply with fast-evolving industry standards.
  • You can be sure that your files and data are backed up with a comprehensive recovery plan.
  • Your data and files are encrypted during transit and storage for extra security.
  • You’re protected against ransomware – even if hackers can get into your server, there’s no file for them to hold hostage because your information isn’t stored locally.

Not All Cloud Platforms Are Created Equal

The security of a cloud service is only as good as the company that’s hosting it.

That’s why Litify chooses to build our applications – a suite of tools customized for attorneys and law firms – on the Salesforce platform.

Salesforce’s cloud service is the world’s largest CRM platform, trusted by numerous government agencies and global corporations including ADP, Amazon Web Services, American Express, Cisco, Comcast, GE, KLM, L’Oreal, NBC, Philips, P&G, Spotify, T-Mobile, Toyota, Western Union, and many more.

Besides the many benefits offered by cloud-based computing, Litify’s customers can take advantage of the robust security available through the Salesforce platform.

For added protection, our team doesn’t have access to your files and data, which live on the Salesforce cloud and are only accessible by those authorized by your company.

Our team at Litify is ready to help you meet the standard of today’s IT security best practices and protect your firm’s and your clients’ sensitive information from prying hackers. Schedule a live demo to see our software in action.

How To Protect Your Law Firm From Ransomware and Cyberattacks

The WannaCry ransomware cyberattack of May 2017, and the massive global disruption it caused, not only affected 99 countries but also called into question whether the IT security measures employed by individual organizations or corporations are sufficient to protect our data against malicious hackers.

Just a day prior to this wave of 75,000+ ransomware attacks — no doubt prompted by the increasing number of data breaches across both government agencies and the private sector with hacking/skimming/phishing being the leading cause — the White House issued an executive order that called for “a modern, secure, and more resilient executive branch IT architecture” to manage and reduce risk.

The executive order stated, “Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cybersecurity services.”

“Shared IT services,” simply put, is the consolidation of business operations that are used by multiple parts of the same organization.

The advent of cloud computing, in which data and files are stored in a centralized off-site location instead of being hosted on individual computers or local servers, has modernized the implementation of shared IT services.

This executive order underlines a shift in our nation’s approach to cybersecurity and should be taken as a directive — for small businesses and large corporations alike — to rethink their own IT security.

Lessons From The WannaCry Cyberattack

The ransomware WannaCry attacks individual computers and the local network they’re connected to, locking down files and data so businesses have to pay a ransom to the hackers in order to regain access to their files.

The ransomware targeted a vulnerability in the Microsoft Windows operating system — one that was discovered back in March 2017, and for which a patch was issued.

Most individual computer users, who have automatic software update enabled on their computers, were not affected. However, larger organizations with a cumbersome IT procedure might not have deployed the fix in time to protect their systems from the attack.

The ransomware made its way into the organizations via employee emails — it took only one unsuspecting employee to click on one link or open one file to introduce the virus onto their machines. Since the infected machines were connected to the local server, every computer connected to the network then became compromised.

Numerous organizations were brought to their knees because their local servers were attacked by the virus.

If the data and files were not stored locally in computers or on-premise servers, the ransomware wouldn’t have had anything to hold for ransom.

The Challenge of Using an On-Premise IT Solution

Many law firms are still using an on-premise IT solution — which means all the computers in an office are connected to a server installed on-site — the exact local network setup that made the May 2017 cyberattack possible.

Maintaining an on-premise IT solution is becoming increasingly challenging and costly as hackers are coming up with new ways to breach IT security systems faster than ever.

Many in-house IT professionals have found it very difficult, if not impossible, to keep up with new security measures: keeping every piece of hardware and software up to date, ensuring security settings are correctly applied and audited regularly and having a backup system in case of a failure or attack.

Not to mention, few companies have the personnel or resources to stay on top of the fast-changing cybersecurity landscape.

If you’re still using an in-house server, you too are facing these challenges whether you’re aware of it or not. When was the last time you checked with your IT team to understand the security measures that are in place to protect your company from malicious hackers and other cyber crimes?

As a law office, an IT breach will not only put your own files and data at risk but also the confidential information entrusted to you by your clients.

A breach will not only cost you financially but will also affect your reputation as well as your client relationships.

It’s time to re-evaluate the security measures you have in place and see how you can better protect your files and data from malicious hackers.

Beef Up Cybersecurity With Cloud Computing

The best way to lighten your cybersecurity burden is to move your files and data to the cloud.

If you’re having doubts and wondering if the cloud is indeed more secure than an on-site server, consider this: a majority of IT professionals who understand the intricacy and cost of setting up and maintaining a secure IT environment consider cloud computing to be a more secure solution.

Having your server on-premise could give you a false sense of “control” but in reality, you’re exposing your company to unnecessary risks.

Cloud computing is more than just storing your files off-site in another computer — a misconception preventing many from taking advantage of all the security features cloud computing has to offer.

A top-tier cloud-computing platform is supported by a large team of experts who make maintaining a secure IT environment their business.

The platform can be set up so it can only be accessed through multiple layers of authentication to minimize unauthorized access.

Moreover, the cloud is isolated from the individual devices (e.g. computers, phones and tablets) used by your employees, so even if one device gets infected with malware, your files and data will remain secure.

Many cloud-computing platforms, such as the Salesforce platform on which Litify is built, are compliant with some of the most rigorous, industry-accepted security and privacy standards — including HIPAA/PHI. Their teams of security experts keep the platforms up-to-date with all the compliance requirements so you don’t have to break a sweat.

Last but not least, cloud computing providers have comprehensive backup and recovery plans in place so you don’t have to worry about losing your files and data in the event of a cyberattack or a physical disaster.

Start Protecting Your Data Today

Since current ransomware only has the ability to affect locally stored files, the best way to protect your data is to store your files in a cloud-computing platform.

Litify stores all the clients’ data on the Salesforce platform — a top-tier cloud-computing provider that follows the strictest security protocols.

The platform backs up data frequently at regular intervals. If our clients experience data loss, they can simply restore their files from a backup with minimum disruption to their businesses.

If you’re ready to see how your law firm can benefit from cloud security, contact our team here at Litify to schedule a free demo.