by Tom Carter

Here's an eight-point checklist to help make your law office secure!

1. Protect the Hardware.
Richard Ferguson, Past Chair of CBA's Law Practice Management and Technology section and a lawyer with Lynass Ferguson & Shoctor says “Recognize that a computer is a desirable object and that “anyone can pick it up and all the information stored on it, so you may wish to attach it to something, like the floor. Don’t laugh,” he adds. “We’ve had computers lifted.”

2. Encrypt your Data.
Scramble the data on your network and hard drives, so that if someone does steal your computer, they won’t be able to read your files. Ferguson says a variety of good encryption software is readily available on the Net (see sidebar at www.cba.org/CBA/PracticeLink/National_articles/39.aspx for a list of security products and their websites).

3. Install a Firewall.
Basically, a firewall is a program that prevents hackers from coming down your computer’s “pipeline” to the Net, so that no one can hack you or create chaos, explains Ferguson. “Having a firewall is not just getting one and installing it,” adds Dan Pinnington, Director of Practice Pro, the risk management arm of Lawpro in Toronto. “You want to make sure you’ve gone through the various settings to lock down things to the extent that you want to.”

4. Stop those Viruses!
Install a good anti-virus program. “Put it on your server and on each computer, so if anyone tries to introduce a virus into your network, it will not cause havoc,” says Ferguson. Once it’s installed, make sure you update it regularly. “Most of the major products now allow for automatic updates,” Pinnington notes. That means you can set the program to go to its home Website and download new virus definitions as often as you wish.

5. Back Up Your Data.
“If something screws up today, if someone steals the computer today, if it is destroyed in a fire today, you have the information necessary to carry on your practice,” advises Ferguson. “That means backing up daily, taking backup media offsite on a regular basis, and checking that backup data to make sure it’s working.”

This last point is often overlooked, even by the experts. Ferguson’s firm used the same tape backup system faithfully for years. “Then the hard drive got munched, and lo and behold, no one made that kind of tape drive anymore. We had to send the tape to a processing outfit in the States to get it restored onto a hard drive.”

6. What’s the Password?
Use passwords and manage them properly. “A password gets you through a locked door,” Pinnington observes. “You have to get people using them and keeping them secret. Then there’s the issue of changing them. Do you change them every 30, 60, 90 days, in case they’ve been compromised?”

7. Watch for Turnover.
Pay attention when staff are fired or quit. “It’s possible to change a password the moment you terminate someone, so they can no longer get on the network and screw up anybody else,” says Ferguson. This is especially important if the termination is acrimonious. “A disgruntled employee may say, ‘To hell with this’ and issue that formidable command, ‘Format Drive C,’ and all that was there is gone.”

8. Mind your Portables.
Remember that everything that we’ve said about computers also applies to portable data-saving devices like laptops, Palm Pilots and even cellphones.

This article was published in the December 2005 issue of BarTalk and is subject to the copyright by the British Columbia Branch of the Canadian Bar Association, 2005, all rights reserved.