The leak of over 2.6 terabytes of data from Panamanian law firm Mossack Fonseca in 2016 highlighted the risks around data security and the need for companies to protect their clients’ information wherever it is stored.
Data security analysts found various security vulnerabilities across the law firm’s website, client portal and corporate email system. Their approach to data security simply wasn’t good enough and other legal practices are constantly being reminded of the potential threat of a cyber security attack.
So, what can you do to protect your law firm against such a data theft?
Practical data security measures for your law firm
1. Assess the threats and risks to your business
Before you can establish what data security measures are required for your law firm, you need to understand and review the data you hold.
You need to examine the processes involved in collecting, storing, accessing and disposing of all the data involved in your practice day to day. This includes data held internally and also within the cloud and your website.
2. Firewall and internet gateways
A well-configured firewall helps to stop attacks entering your firm’s own network. In addition, a web application firewall (WAF) can help to protect your website from attack.
An internet gateway stops users within your organisation from accessing websites or other online resources which you don’t trust.
3. Secure configuration
Review the configuration of the hardware and software that you use in order to ensure that it’s set up correctly and securely. Remove unused software and services from all your devices and make sure the ones you do use have the latest security updates.
Ask your web hosting provider about the processes involved in securing your website and its data and make sure that daily backups are being used.
4. Access control
Restrict access to your systems via user accounts and passwords. Each user’s account permissions should only enable them to do the job they’re responsible for. Administrator accounts should only be used when strictly necessary.
Ensure that staff are using strong passwords and that they change them frequently. This also includes any Wi-Fi network passwords that may be in use. Norton provides a useful free password generator.
Remember to disable the accounts of employees who have left.
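The access control checks above can be run as a regular audit. The following is an added example, not part of the original article: it assumes a CSV export of user accounts (the column names, the sample accounts, the leavers list and the approved administrator list are all constructed for illustration) and flags enabled leaver accounts, unapproved administrator rights and, as an added backstop, accounts with no recent login.

```python
import csv
import io
from datetime import date

# Constructed sample data: an account export from a directory or practice system.
ACCOUNTS_CSV = """username,role,enabled,last_login
a.fraser,user,yes,2024-05-30
b.singh,admin,yes,2024-05-31
c.murray,user,yes,2024-02-11
d.kerr,user,no,2023-12-01
adm-b.singh,admin,yes,2024-04-02
"""
LEAVERS = {"c.murray", "d.kerr"}      # constructed: staff who have left the firm
APPROVED_ADMINS = {"adm-b.singh"}     # constructed: accounts permitted admin rights


def audit_accounts(accounts_csv, leavers, approved_admins, today, stale_days=90):
    """Return a sorted list of (username, finding) tuples for enabled accounts."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user = row["username"].strip().lower()
        if row["enabled"].strip().lower() != "yes":
            continue  # already disabled, so it cannot be used to log in
        if user in leavers:
            findings.append((user, "leaver account still enabled"))
        if row["role"].strip().lower() == "admin" and user not in approved_admins:
            findings.append((user, "admin rights not on approved list"))
        # Assumption: a long idle period suggests an account nobody needs any more.
        idle = (today - date.fromisoformat(row["last_login"].strip())).days
        if idle > stale_days:
            findings.append((user, f"no login for {idle} days"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_accounts(
        ACCOUNTS_CSV, LEAVERS, APPROVED_ADMINS, today=date(2024, 6, 1)
    ):
        print(f"{user}: {finding}")
```

Here the day-to-day account b.singh is flagged because administrator rights belong only on the separate adm-b.singh account, which keeps administrator use to when it is strictly necessary.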
5. Malware protection
Anti-virus and anti-malware software should be installed across all devices that use your network. It’s just as important to keep these products updated and switched on.
6. Patch management and software updates
Both hardware and software systems need to be regularly updated to ensure that they work correctly. This also includes your website: ensure that the CMS and any plugins used by the site are updated to the latest versions on a regular basis.