With stories of new data breaches becoming public every day, law firms must take steps to ensure its documents are safe from prying eyes. Not only would it be embarrassing to disclose to a client that his or her confidential information has been compromised, it may present a violation of the code of ethics. Here are five steps to help ensure those electronic documents stay secure:
1. Develop a Plan Before Implementing
Before you start creating groups and assigning rights, develop a security plan that is both simple, updatable, and scalable. The plan should be easy so that new staff can both be easily added and trained. Planning ahead also ensures your security policy is consistent.
2. Use the Folder Tree to Your Benefit
Store documents with similar security needs in the same part of the folder tree. That way, you can grant (or deny) access to the proper individuals (or better yet groups). Use inheritance to quickly apply security settings to large sections of your repository without unnecessary manual configuration. Since you are organizing your folders, apply the security to the entire folder, not just individual documents contained therein.
3. Grant Access to Groups, not Individuals
Focusing on work groups rather than individuals allows you to apply security both more consistently and more efficiently. Moreover, it allows easy update to security levels and to staff changes. Firms should place these work groups in directory accounts for even more ease in application.
4. Secure Your Mobile Devices
Assuming your firm uses mobile devices to access secure documents, employ passcodes to access the device if the device is lost or stolen. Then disable automatic or “remembered” passwords so that if the device is accessed, it cannot be used to enter your server. Finally, disable electronic document exports so that employees do not store sensitive documents on the device.
5. Better to Be Too Restrictive
Err on the side of caution and restriction. It is better to correct an issue of inaccessibility rather than an issue of errant accessibility.
These five steps just scratch the surface of this very important issue. Firms should employ professionals to make sure such a system works to keep client documents secure and confidential.