The 4 Necessities:
____ Data Backup Solution
A strong backup system is required for a law firm, as backing up data is a priority in the standard of reasonable care while using cloud technology. The big concern here is whether your backup system effectively stores client data in compliance with the parameters set above. Backups must be taken regularly and your office should be following at least the 3:2:1 backup rule: 3 copies of data, 2 of which are stored locally and 1 which is stored offsite. At all times confidentiality and accessibility must be maintained in the storage of all backups. Many backup solutions take advantage of the cloud to enable companies to reach this 3:2:1 rule securely.
____ Business Email (Including Proper Communication Security Services)
The largest concern surrounding the use of cloud-based email for law offices is security. While it has been maintained that cloud-based email is permissible without encryption, it is highly recommended given the risks presented through web-based mail around confidentiality, misdirection or forwarding, and outside security concerns. While not required by the opinion, it is suggested as a practical safeguard to ensure client information is kept confidential and protected, especially if the type of information your law firm communicates via email pertains to the specifics of your clients. Check this line off only if you know your office's email services are encrypted or if you know that it is not needed for your individual practice.
____ Network Firewall
A firewall is another function included in the opinion's list of services taken to provide reasonable care to maintain confidentiality. A firewall dictates who can or can not access items on your network. In this regard, a firewall is the ultimate gatekeeper when protecting any electronic information stored at your office. The use of cloud-based technology for other business functions does not eliminate the need to secure your own internal network. A firewall plays a critical role in ensuring the protection and privacy of your client information. Not having a firewall is the equivalent to leaving your office's doors unlocked.
____ Business Antivirus
While the firewall is necessary to protect your office's network, antivirus is necessary to protect your office's physical devices and the information found on such devices. All law office's computer devices should have antivirus software. The PA Bar's formal opinion defines viruses and malware as potential threats to the confidentiality of client information. With this being said, an antivirus solution should be in place to protect this information from these threats. There are multiple formats for antivirus solutions capable of providing adequate protection, either cloud-based or on premises.
After going through this checklist, you should have a good understanding of whether your firm's technology resources are compliant with the Pennsylvania Bar's formal opinion. If not, we hope we have provided insight into what is needed to get there. The DII Computers team is available to help your practice further this process. We provide a no-cost IT Site Survey to help you determine which services can be checked-off and which need attention. We will present you with a plan of action to support all IT needs in compliance with industry regulations. Call 215-657-5055 to speak with a DII representative, or click the corresponding button below for further information.