Staying one step ahead in protecting your firm’s and your clients’ data.
Karen D. Sparks, Divorce Financial Analyst® and Lawyer
In our work as family law professionals, we are inundated with many forms of information related to our clients’ financial status. There is always a considerable amount of paperwork and electronic data to be reviewed and analyzed. Technology advancements have created wonderful benefits for our profession, but a huge downside to this is the continuing challenge of preventing security breaches, identity theft, data mining, and the sale of data as a commodity. Good practice maintenance must include a regular review of all of our policies and practices as they relate to document retention, email, and business liability insurance protection.
Always be certain that your retainer agreement includes language on what will be done with client files after the conclusion of each engagement. Your retainer agreement should state specifically how long your office will store records, exhibits, and other pertinent information. Client file information should be secured at all times in locked or password-protected filing cabinets, storage areas, or secure facilities.
When disposing of professional client documents and/or personal papers, take great care to ensure that no critical private information can be culled from the items being discarded. There is an excellent product on the market that I recommend called “Guard Your ID.” It is a roller-ball that is very effective at obliterating sensitive information on both paper files and glossy items (such as mail, magazines, prescription labels, etc.) by covering over all private data on these objects with a random pattern of letters and numbers. After you have used Guard Your ID to successfully remove all important indicators from your documents, it is then appropriate to shred everything for an even more secure disposal of client information.
For client data that is stored electronically with cloud storage providers, monitor closely who will be able to access this material in shared files or notes. Change your password for access to the cloud storage on a regular basis to minimize the risk of information theft. At the conclusion of each client’s case, delete all file folders, comments, and notes relating to that case.
Best Practices for Technology Security Breaches
Two alarming new security flaws (called “Meltdown” and “Spectre”) have just been discovered. These flaws are exceptionally dangerous because they allow hackers to access and steal sensitive data by targeting the computer’s microprocessor chips themselves. The flaws can have serious consequences for clients of cloud servers because these servers are shared among many users: an attacker who compromises one user’s account on a server may be able to read private data belonging to the other users of that server.
The pervasive nature of new developments like “Meltdown” and “Spectre” underscores the absolute necessity of performing regular and frequent technology housekeeping. Whether your practice operates with a standalone computer or laptop, or utilizes a sophisticated network system or cloud server, updating your technology equipment on a regular basis is absolutely essential to the prevention of hacking disasters. Checking regularly for updates and patches – and installing them immediately – will go a long way toward preventing any hacking of the sensitive client information that is vital to your business investment.
Email and Other Electronic Communication
While there is no bulletproof solution for electronic hacking, there are some steps that we can take as professionals to add additional levels of security for our email and text communications:
- Quick messages sent via text to clients often save time and allow us to monitor case issues without a lot of complication. However, be very vigilant about how you are communicating and what information you are communicating. Never transmit any key client data over text. Request that the client contact you by phone to receive the necessary facts.
- Keep your mobile devices secure with passwords, fingerprint detection, and other security apps and programs to prevent unauthorized access.
- If your business email is connected to a company server or network, make a point of inquiring about the security measures and protocols that have been implemented to protect your data.
One notable provider is ProtonMail. The ProtonMail servers that maintain emails only store the encrypted emails themselves and do not have a password or key to decipher the stored emails. ProtonMail has a functional interface with folders, spam filters, etc. A key benefit of this product is that you can exchange encrypted emails with other users who do not use ProtonMail. It is important to note that you cannot access ProtonMail via a plug-in or SMTP or IMAP, but you can use ProtonMail with your own domain name with either a free or paid account.
Business Insurance Protection
Take a proactive approach to your insurance coverage and confer with your professional liability carrier to determine whether it offers additional insurance riders for electronic data breach protection. Consider adding this coverage as an essential cost of doing business in order to provide an extra layer of security for your practice.
Additionally, as your practice grows, be sure to review your levels and categories of coverage. Take note of new or expanded service offerings and consider whether you have adequate liability protections for your practice.
You cannot prevent every security breach, but you can investigate and implement strategies that will provide significant levels of security and protection for your client data and your business development.
Karen D. Sparks, CDFA®, J.D. is the principal and owner of Divorce Financial Strategists™ and the co-author of Stress-Free Divorce. www.divorcefinancialstrategists.com