How to Tell If You Have Data Security Weaknesses

November 21, 2018

Malware, data loss and all sorts of other threats put your most valued information in jeopardy.  Even something as simple and innocent as human err can lead to confidential data ending up in the wrong hands or visible to those who should not see it.  The bottom line is every single person in a law firm has the potential to be the data security weak link.  Let’s take a look at some of the most common ways information is put at risk.

 

 

Password Strength Matters

 

By this point, just about everyone knows it is important to have a lengthy and complex password.  However, simply using a long word for your password will not suffice.  Do not use a word in the dictionary.  Passwords should feature lower case letters, upper case letters, special characters and numbers.  Otherwise, if you leave a weak password in place, it really will put your data security at risk.  Furthermore, the password should be at least eight characters in length.  Everyone at the firm should update their password once every three months.

 

 

Internal Data Leaks

 

Internal information leakage occurs when a company’s data is sent without the proper authorization.  Law firm data leakage is typically client data, intellectual property or highly confidential information.  Though not all instances of internal information leaks are malicious, even a minor leak has the potential to become a major liability. Simply misplacing a laptop or USB drive has the potential to lead to potentially crippling data loss.  Once you are aware of how data leakages occur, take the steps necessary to guarantee laptops are fully encrypted and stored in a secure manner.  Internal audits should be conducted to monitor and log user activity.  It will also help to discourage the use of external drives and USBs that can be lost quite easily.

 

 

The Threat of Shadow IT is Real

 

Shadow IT, also referred to as stealth IT, is technology used in the business without the approval, support or knowledge of IT.  Anything from a digital notebook to a no-cost file sharing solution and password keeper qualifies as shadow IT.  These solutions heighten productivity yet they also have the potential to cause an array of problems.  Such technologies outside of the permitted IT structure can lead to regulatory compliance issues, spur network security threats such as malware, isolate important knowledge and diminish productivity if the service is unavailable or down.

 

Though shadow IT is a legitimate threat, it is a mistake to immediately shoot down suggestions to incorporate new devices.  If employees absolutely need to use a certain program or device aside from the one approved by the IT team, do not automatically rule it out.  Have the IT professionals evaluate the program and navigate through concerns to ensure your team has the tools they need to work efficiently.