The recent leak of over 2.6 terabytes of data from Panamanian law firm Mossack Fonseca has highlighted the risks around data security and the need for companies to protect their clients’ information wherever it is stored.
Security analysts are still unsure as to the source of the leak, with some pointing towards an insider and others to an outside force, possibly a hacker group or hostile nation state.
Data security analysts have found various security vulnerabilities across the law firm’s website, client portal and corporate email system. Whatever the source of the leak, the issue of data security is once again in the headlines and businesses are being reminded of the potential threat of a cyber security attack.
So, as a business, what can you actually do to protect yourself?
Practical data security for your business
1. Assess the threats and risks to your business
Before you can establish what data security measures your business requires, you need to understand and review the data you hold.
You need to examine the processes involved in collecting, storing, accessing and disposing of all the data involved in your practice day to day. This includes data held internally as well as data held in the cloud and on your website.
2. Firewall and internet gateways
A well-configured firewall helps to stop attacks from the internet entering your firm’s own network. In addition, a web application firewall (WAF) can help to protect your website from attack.
An internet gateway stops users within your organisation from accessing websites or other online resources which you don’t trust.
3. Secure configuration
Review the configuration of the hardware and software that you use to ensure that it’s set up correctly and securely. Remove unused software and services from all your devices and make sure the ones you do use have the latest security updates.
Ask your web hosting provider about the processes involved in securing your website and its data and make sure that daily backups are being used.
4. Access control
Restrict access to your systems via user accounts and passwords. Each user’s account permissions should only enable them to do the job they’re responsible for. Administrator accounts should only be used when strictly necessary.
Ensure that staff are using strong passwords and that they change them frequently. This also includes any Wi-Fi network passwords that may be in use. Norton provides a useful free password generator.
Remember to disable the accounts of employees who have left.
5. Malware protection
Anti-virus and anti-malware software should be installed across all devices that use your network. It’s just as important to keep these products updated and switched on.
6. Patch management and software updates
Both hardware and software systems need to be regularly updated to ensure that they work correctly. This also includes your website: ensure that the CMS and any plugins used by the site are updated to the latest versions on a regular basis.