
Managing the Security and Privacy of Electronic Data in a Law Office


Daniel E. Pinnington*

Computers and the Internet have transformed the practice of law, and how lawyers handle confidential client information. Where once paper documents were the norm, today clients, lawyers, and law office staff routinely work with electronic documents and data. Protecting the security and confidentiality of that information, however, is as important today as ever: Both the Rules of Professional Conduct and the Personal Information Protection and Electronic Documents Act (PIPEDA) apply equally to paper-based files and to electronic documents, such as computer files or e-mail messages.

A failure to take appropriate steps to protect the electronic data in your office could have disastrous consequences. This could include an embarrassing release of sensitive information, a malpractice claim, a complaint to the Law Society, or the theft of your personal identity. At the very least, the theft, loss, or destruction of client or practice-related data will be disruptive to you and your practice. In the extreme case, it could cause your practice to fail.

From a best practices point of view, there are thirteen steps that you should systematically take to protect the electronic data in your firm against the most common threats.  More detail on each of these steps is provided in the remainder of the practicePRO booklet referenced at the end of the article.

#1 Install latest updates to eliminate security vulnerabilities: The networking functionality built into software that allows the Internet to operate can create security vulnerabilities that in turn can allow computers to be compromised by hackers. Microsoft products are particularly vulnerable. You must protect yourself by installing the latest security patches and updates.

#2 Make full and proper use of passwords: We all have more passwords than we can remember, and as a result, we get lazy and use obvious ones, or we don’t use them at all. You must use passwords, and use them properly to keep your data safe. 

#3 Antivirus software is essential: Computer viruses are a fact of life. Every computer in every law office should have antivirus software on it, and this software needs to be frequently updated, at least weekly. Make sure you understand how to properly use and configure your antivirus software.

#4 Avoid spyware and adware: Viruses used to be the only threat that you had to worry about. Now you need to be aware of several other malicious software threats, including some that will spy on you. Odds are they are already on your computer. You need to take steps to make sure no one is watching your surfing habits, or collecting personal or client information from your computer.

#5 Install a firewall on your Internet connection: When you are connected to the Internet, the Internet is connected to you. Information can flow freely both ways across your Internet connection. You need a firewall to act as a gatekeeper to prevent unauthorized access to your computers and network.

#6 Be aware of and avoid the dangers of e-mail: E-mail is an essential communications tool in most law offices, but it is also one of the most dangerous tools. E-mail is one of the most common ways that viruses will enter your office, causing breaches of confidentiality and other serious problems. You and your staff must appreciate the dangers of e-mail, and know how to use it safely.

#7 Beware the dangers of metadata: Are you unwittingly sending confidential information to clients or opposing counsel? If you have e-mailed a Microsoft Word or Corel WordPerfect document to either, the answer to this question is likely yes, and you need to learn more about metadata.

#8 Lock down and protect your data, wherever it is: Electronic client data is everywhere, both inside your office (on servers and desktop computers), and outside your office (in e-mails, on laptop computers, cell phones, and PDAs). People can access data across networks and even across the Internet. You need to understand who has access to your data, and how to limit or prevent access to it.

#9 Harden your wireless connections: Connecting to the Internet with wireless technology is so easy and seductive. However, if not configured properly, wireless can give hackers easy and unimpeded access to the data on your computer and network. Wireless users beware!

#10 Learn how to safely surf the Web: The Internet browser is another one of the more dangerous tools in your office. Even casual surfing on the Web can expose you to viruses and worms, and divulge personal data. You and your staff need to know how to safely surf the Web.

#11 Change key default settings: Every computer program and every piece of hardware has certain preset or default settings. These are necessary to make them operate out of the box. However, default settings are common knowledge, and hackers can use them to compromise a computer or network. You can make your systems much safer by changing some key default settings.

#12 Implement a technology use policy: Everyone using law office technology must understand basic do’s and don’ts, and where the dangers are. Every law office should have a basic technology-use policy that clearly informs all staff of what they can and can’t do while using e-mail, surfing the Web, and using other law office systems.

#13 A backup can save your practice: You hope and pray it never happens to you, and you will take all of the above steps to reduce the likelihood of a malware infection or hacker attack, but if your system is ever compromised, nothing will be more valuable to you and your practice than a full backup of your critical practice and client data.

The Managing the security and privacy of electronic data in a law office booklet provides a comprehensive review of the thirteen steps outlined above. It is available for download in Acrobat PDF format (248KB) at www.practicepro.ca/securitybooklet.

* Daniel E. Pinnington (dan.pinnington@lawpro.ca) is the Director of practicePRO (www.practicepro.ca), the risk management and claims prevention initiative of the Lawyers’ Professional Indemnity Company (LAWPRO® - www.LAWPRO.ca).


 
 
 
 
Copyright © Ontario Bar Association