5 tips on IT security for law firms
Following what happened with #PanamaPapers, IT security has become a topic of increasing weight in meetings of law firm executives. And of course, it is not a topic that should be ignored: Cisco Systems' annual report about security places law firms at number 7 among the main targets of hackers; at least 80% of the biggest 100 law firms have been affected by a cyberattack.
Here are 5 tips that we discussed on IT security, which law firms should consider in order to protect their information:
- User training: one of the main problems that I have found is the lack of training that users have in using a computer and, even more, in browsing the internet. When an employee joins the company, alongside the Human Resources training, the IT department must provide training on the risks a user may encounter when browsing the internet; for example, the correct use of e-mail to identify possible phishing attempts (attempts to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication).
  - Another main element of user training is to let users know the importance of passwords: having a password implies a moral responsibility on the part of the user for the assigned computer and therefore for all the information contained in it. The user must be informed about the most secure kinds of passwords (combinations of letters, signs, numbers, lower and upper case, etc.) and told not to share their password with anyone, unless there is a formal request.
- The use of cloud services: Even if our users have little or no knowledge of the company's IT security policies, cloud services provide a safeguard if the above steps have been overlooked, since they offer agility, maintenance and security of information thanks to data centralization and the backing of a service provider that will devote resources to solving these problems.
- Use of VPNs: The use of Virtual Private Networks gives greater security of information and easy access for users through data encryption methods (emails, documents, applications, etc.).
- Use of antivirus: Although this is a well-known topic, recommended by all CIOs, having an antivirus license that includes protection against malware, which helps to identify hostile software, and proxies, which protect against unauthorized access or attacks from the internet, gives additional protection.
- Development of IT security policies: IT security should be designed so that it does not impede the work of operators in what is necessary, and so that they can use the system with complete confidence:
  - To create rules and procedures for every service of the organization
  - To define a contact and access point for users when they require technical support
  - To define the actions to take, and who is responsible for them, when a contingency arises
  - To make users aware of IT security problems and the actions to take
  - To establish mechanisms that limit access to computer systems and email to authorized users only, and to follow appropriate password policies
Beyond everything mentioned in these tips, it is important that employees realize that, beyond their work at the company and regardless of their position, protecting the company's confidential information means taking care of the business and their own jobs.
At García & Bodán we take IT security very seriously, which is why we have developed a series of policies, procedures and indispensable elements that allow us to protect our information and the information that our clients entrust to us.
Ignacio Velásquez Molina
IT Regional Coordinator
García & Bodán