iWitness: Securing Your Data in a World of Remote Access

Download a printable PDF of this article (membership required).

This issue of Litigation, dealing with privacy, highlights how technology and law have become so intertwined that whether we are committing malpractice by failing to implement privacy and technology policies for our firms and clients needs to be a threshold question.

When I started with IBM in 1978 as a systems engineer, security was easy: Turn off the computer and lock the door to the computer room. Log-in passwords were sometimes considered belt and suspenders, and a bit much for users to remember. Today the computer room has been all but driven out the door onto the cloud, and we have not only the desktop computer to secure but the full range of devices users want to use to access the data, be they laptops, tablets, and cell phones, at all times of the day and night. If we can no longer turn off the computer and lock the door to the computer room, how can we prevent the dreaded M word—malpractice—from rearing its ugly head?

First we need to ask if we have put in place reasonable log-in security procedures that are actually followed. If we are storing data off-site in the cloud, what due diligence have we performed to reassure ourselves that the data are, in fact, secure? What kind of outside access do we permit our employees? And how secure are those “wormholes” into our business systems?