Security in the Cloud: How to Protect Your Law Practice Business Data
Cloud this, cloud that—no doubt you’ve been inundated with the tech industry’s message that the cloud is where it’s at these days. Just under 90 percent of small businesses use cloud-based services to store, share and back up data, according to a recent survey by Rackspace Hosting, Manchester Business School and Vanson Bourne. Cloud everything has become increasingly popular with any business, especially for Law firms that can’t afford a basement full of servers or finds an IT department impractical for other reasons.
But how secure is the cloud? Security levels vary from one provider to the next, but one thing most decision-makers may not know is how much control they do have over their own cloud security.
Data Encryption
Nearly every cloud storage provider spends a great deal of time, money and personnel making sure that outsiders can’t hack into their storage system. But not all of them pay attention to how safe your data is behind those walls.
That’s a shame, because once those walls are breached, your data is open for the taking. Encryption will keep your data safe even if someone breaks into your provider’s network and gains admin access. If your cloud storage provider doesn’t encrypt your stored data, you need to find a new provider.
Encryption itself is not enough, however. If your provider keeps the encryption key on the same servers that hold data, then the encryption is useless if a smart hacker gets through. Ask your provider where they keep their encryption key(s).
Device-Oriented Security
Another way to ensure security for your data is to enable device-oriented security. That way, even someone with the right login credentials and password can’t access your business data unless they’re doing it from an authorized device.
This security measure has the advantage of protecting you from disgruntled associates or other information leaks that come from the inside. It’s not a feature all cloud providers offer, nor is it practical for every law firm. But it’s worth asking about.
Fraud Protection
Unfortunately, fraud protection doesn’t come standard with even the best cloud storage services, neither is it typically an option. Use of a third-party solution such as Life Lock will help your business protect its intellectual property as well as its brand.
Education and Training
A great deal of data theft, intellectual property violation and flat-out identity fraud happens regardless of the security precautions you take. Social engineering is responsible for a significant amount of fraud, data theft and intellectual property theft.
It’s also preventable. Lawyers, clients and their staff need to be reminded of basic security procedures. Simple things like changing passwords on a regular basis, verifying the identity of anyone who claims to be with your storage provider and/or IT department and even simply logging out after each authenticated session are all steps that can make your law firm’s data more secure.
Your data will never be 100 percent secure unless you lock it in a fireproof briefcase and throw the key into an incinerator. But you can make your data and business safer. Ensure your cloud storage provider is adequately secure, only allow authorized devices access to data, use secure pathways and maintain constant security awareness throughout your organization.
Guest Blogger Ryan Harrison: Ryan is a mobile app developer and tech blogger with three boys, two dogs and one very happy wife. He is currently pursuing his Master’s degree in Business Marketing to specialize in legal websites.