This post is courtesy of attorney Jared Correia of Red Cave Law Firm Consulting, one of MSBA's Advantage Partners.
Every law firm owner is aware that outside actors can breach data and cause a host of problems. Hackers are the bogeyman in this situation. And so much concern is spent over password management, encryption and email scams, including ransomware and phishing.
But, to have a truly effective data security program, law firms also need to consider the access that internal staff enjoys. An under-covered segment of most data protection laws is that those laws also require that internal users only have access to the data that they need to have access to in order to perform their jobs.
So, ask yourself: Does your paralegal need access to your financial data? Must your bookkeeper have full access to your case files? For screening purposes, should certain lawyers be barred from viewing certain case files?
That’s just a smattering of potential queries you could make, but the overarching idea is that you should look at each person in your organization and ask what information each of those people needs access to.
Then, to ensure that your wishes are met, you’ll need to do some detective work and look at the roles and permissions options in your various software tools. Those options are getting more and more granular, beyond simply opting everyone in as an administrator and hoping for the best.
If you can align your data security requirements with your technology, you’re in business. (And will likely stay in business.)
If you want to talk about the junction point between data security and technology applications, contact us today!
To request a consult, email Jared Correia at email@example.com, and start running your law firm like a business.