Straight Edge Technology President, Doug Miller & Inside Sales Rep, Andrew Millington, discuss what law firms need to do to stay protected and in control of their data. They also discuss what happens when a law firm’s data gets compromised.
ANDREW: “Doug, I’ve heard the team talking about info security, data security, that thing all the time as part of our jobs. I noticed we have a lot of law firms as clients. And I was wondering, above and beyond the standard practices, what do they need to do to stay protected and in control of the data?”
DOUG: “In the last couple of years, that’s changed a little bit. The law firms now have their clients’ data on their network. So if they’re providing support for a health care organization or an oil and gas company or maybe a bank, the data that they’re being given from their client sometimes has certain regulations and requirements that they need to pay attention to when they put that data on their network. So if they take information from a health care organization, patient record, that thing, they’re now subject to some HIPAA guidelines for how they store and protect and make sure that the bad guys don’t have access to that data when they bring it onto their network.”
ANDREW: “Got you. What happens if that goes south? If they lose that data, they just lose access to it via a ransomware situation.”
DOUG: “Yeah. First and foremost, they’re going to have some hit to their reputation. They’re going to be potentially down and not able to access that information. Then their client, they’re going to have to disclose to their client that they either lost the information, need another copy of it, or in the worst case, had unauthorized access, provided unauthorized access to a bad guy and that information. In the case of HIPAA, that’s a HIPAA violation, someone that was unauthorized access to that information.”
ANDREW: “Got you. If they take these steps to protect themselves, is this ever a set it and forget it type scenario?”
DOUG: “Yeah, often not. There’s layers to security, and those layers need to be reviewed and changed and made better over time. You need to educate your end users on good data privacy and security frameworks.
You need to have some tools and technology that are in place to keep the bad guys out and alert if anything funny looks like it’s happening on your network.
And then last, you need to have good company policies around if there ever is a breach, what insurance you have to help you remediate a problem like that, and then who you notify and how you notify them if something ever does happen.
So there’s three phases and those things have to be updated all the time. It’s not set it and forget it because the bad guys are smart and they’re getting better and they change their tactics over time.”