I love SaaS. I depend on SaaS to operate my virtual law office. I support an attorney’s right to choose their own practice management tools and make their own business decisions whether it’s in the cloud or in a filing cabinet. But there are responsibilities that come along with choosing any practice management system and that means sticking to your own security policies and best practices.
I’m a solo virtual lawyer, so the burden is on me alone. Larger practices can designate an associate or hire an IT consultant to keep them up to date and to make any necessary security policies and safeguards. Regardless of where you are engaging in virtual law practice, it’s always good to be reminded of some basic security practices for delivering legal services online. Here is my list of the top ten basic security practices for a virtual law office:
1) Keep up to date on the security issues. Read Lifehacker, Slashdot, TechCrunch, etc.
2) If you use wireless networking, ensure that all wireless traffic is encrypted with WPA2.
3) Keep antivirus software and all software patches updated and turn on the software firewall for the computer.
4) Use a safer browser, such as Mozilla with the NoScript add-on installed. Or use another pop-up blocker. Do not use free Wi-Fi hotspots when using any cloud computing application remotely. Use a cellular phone modem adapter instead. I just got the 4G wireless hotspot which I highly recommend. This also serves as backup internet access in my home office as well.
5) Never write down usernames and passwords. Create strong passwords and change them regularly. Use KeePass or another password management tool and generator.
6) Go straight to privacy/account settings in any cloud-based application immediately after you register and change the defaults for better protection. Then check back occasionally to make sure they haven’t changed their privacy setting options again.
7) Watch your back when you work in a public place to make sure the person behind you isn’t able to watch your screen as you enter your username and password or your client’s social security number.
8) Encrypt your hard drive with TrueCrypt, free open source encryption software. Easy to use, free, protects you if your laptop is stolen. Back up daily with an external hard drive with TrueCrypt on it in addition to regular cloud-based backups.
9) Make sure that the applications you are using to store and transmit confidential law office data are encrypted. Look for HTTPS in the URL before proceeding. Don’t enter data unless you know it will be encrypted.
10) This isn’t going to be a popular one, but be wary of doing a lot of confidential work on your iPad with just any app. With my virtual law office, I can open the browser and work in https, but other apps, especially iPad and other mobile device apps, do not have this level of security. Unencrypted email is permitted by the state bars as exercising reasonable care, but most of us know better. Text messaging your client is not a wise idea for a lot of reasons.
For unencrypted iPad or mobile app traffic, I use a VPN. They’re REALLY easy to set up and cheap if you don’t have an IT dept. On my iPad, turning on the VPN is just a matter of flipping a switch.