Adapt to Survive: Keeping One Step Ahead of Cyber Threats

There have been numerous high profile cyber-attacks in recent years, of privacy companies and government agencies. In May 2014, eBay was hacked and had to announce that personal details of 233 million of its users had been stolen. In November of the same year Sony suffered a similar fate when 102 million of its user accounts were compromised, and several emails were leaked from its high ranking Hollywood executives. Earlier this year, it was discovered that the United States Office of Personal Management suffered from two large-scale hacks, resulting in the theft of millions of employee personal files.

Against this backdrop of ever increasing cyber threats—and when you consider how much sensitive data is held by law firms—you realize how vital it is for the legal industry to keep data secure. Especially when the outcome of a legal case and the reputation of the legal firm concerned rests on it.

Security Audit

For each individual case a busy law firm will usually be privy to large numbers of physical documents, they will hold considerable amounts of electronic data, and there will be vast numbers of exchanges between clients that may contain sensitive information. Therefore, there are considerable potential vulnerabilities and the first step is to have all the risks professionally assessed by a cyber-threat specialist. Once you know where the gaps lie in your security, you can take steps to address them. A good way to do this, especially after an audit, is to create an Information Security Policy that lays out guidelines for your staff to ensure data is kept secure.

Some high profile clients may wish to audit your firm from a security point of view before they appoint you. This is particularly true of those industries which are heavily regulated, such as health insurance, and payment card processing companies. If you have already carried out your own internal audit, then this eventuality shouldn’t be such a daunting experience.

Keeping Documents Safe

It is imperative that the records a legal firm holds are kept safe to protect their clients’ reputations as well as the fact that any breach could result in damage to ongoing lawsuits. The best option is to employ the services of a secure document management company that can protect your data whilst giving you the flexibility to access it whenever needed, an important point given the day to day practicalities of life in a law firm. These providers will be subject to their own auditing and will use high levels of both physical and data security to protect your assets. They can also store both hard copy documents and data.

Firewall and Anti-Virus Software

Your internal network and website should have a firewall as the first line of defense. Anti-virus software is also important to protect you from malware. In one recent cyber case involving a legal firm, they were subject to spear phishing. This is when an email is opened which seems to come from a trusted source that the firm recognizes. The email then installs malware which sits in the background gathering sensitive data for the hacker.

Anti-virus software needs to be updated regularly and all systems should be scanned on an ongoing basis. These updates and scans should be set to run automatically by your IT department, to avoid human error.

Encryption and Off-Site Servers

The ideal solution for a legal firm is to have all their data held off-site in a high security data center. Furthermore all data held should be encrypted and all communications, including email, should also take place through encrypted connections. Encryption is important as then even if your data center is hacked your information should still remain secure.

Even if your law firm is relatively small, you aren’t immune to hacking. The FBI recently warned that even small and medium sized firms are now coming under attack. A law firm’s reputation is paramount. Clients expect their data to always remain confidential and the success of a case may rest on this fact. With the stakes so high are you willing to risk your reputation and a subsequent loss of business when some key steps taken now can do a great deal to protect you? Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with consideration from Law Technology.SOURCE

Most business owners have an employee handbook. But when it comes to the online security of their business, often times this portion is either not adequately addressed, or not addressed at all. However, with cyber crimes an ever increasing threat, and the fact that employee error is one of the most common causes of a security breach, it is incredibly vital that your staff is informed of your policies. Here are four policies that every business owner should share with their employees.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with consideration from TechAdvisory.SOURCE

investing2As a small or medium sized business owner, you likely have your hands full. Between managing your staff, looking for growth opportunities and keeping clients happy, you probably have little time to dedicate to new technology purchases. Being so busy, it can be easy to make a mistake when choosing an IT solution. That’s why we’ve compiled a list of common IT investment missteps that every business owner needs to avoid.

Investing in the newest technology instead of the best fit

It’s the job of every marketer to make you believe the newest technology on the market will resolve all your problems. And while the latest cloud or virtualization offering is likely to make things better for many individuals and organizations, it isn’t going to work for everyone.

Don’t let the flash and hype of a new product deceive you. Take the time to think about the results you’re trying to achieve with technology. Make a list of them, and when you’re done match those criteria with the product that fits. A GCInfotech professional will be happy to serve as your consultant to ensure you make the best choice.

Believing everything will magically work together

As technology evolves, it is inevitably becoming simpler to use. Consumers want user friendly products and solutions that are easy to implement, and nowadays that’s what they’re getting – at least most of the time. Because of this belief that all products are going to be plug-and-play, many business owners hold the misguided assumption that any new technology they implement is automatically going to synchronize with their other IT. It is simply not true.

Though many technologies are compatible with one another, your business is taking a big risk – that could result in massive downtime and wasted money – if you implement a new tool that doesn’t integrate well into your current system and workflow. Be smart, do some research or consult with a GCInfotech professional before making a purchase.

Assuming your team doesn’t need support and training

Now that you’ve found the perfect fit technology and you’re sure it will integrate into your current IT setup, you go ahead and purchase it. You let out a sigh of relief as you kick back and let your sparkly new IT solution power your company to new levels of success and profits in a SMB “happily ever after” fantasy. Sound too good to be true? That’s probably because it usually is.

Don’t forget that not all of your employees are going to instinctively know how to use the new technology. Consult with GCInfotech to review their support and training offerings for your particular technology solution.

Forgetting to create a budget

More and more IT solutions are packaged with pay-as-you-go monthly pricing. While this is a great way to help you avoid large upfront capital investment, if you implement too many different technologies too fast – and without thinking about the recurring costs – you could quickly run out of money before having properly created a complete technology platform.

Think about what you’re comfortable spending on IT before you open your wallet. Do some research, and either draft a budget on your own or acquire the assistance of a GCInfotech consultant to help you along.

Failing to get staff input

It’s wise to consult with the employees who will be using the new technology you implement, on a daily basis. It’s even wiser to do it before you purchase it.

The truth is that not all of your employees may be on board with the new product. They may actually even know some downsides to it you weren’t aware of. Regardless, it’s smart to consult with them beforehand, or you may find yourself in a constant fight getting them to adopt it.

Get a Single Source for all your Needs

Starting with your investment in new technology, and continuing through desktop services, cloud computing technologyremote IT solutions, remote disaster recovery, outsourcing disaster recovery and managed infrastructure services, GCInfotech is the one source you can count on for all of your support requirements. Because we can work on all aspects of your information technology, we can develop an end-to-end perspective to meet all your business computing needs-and thereby offer you better, integrated services than single-solution providers.

GCInfotech can help you take full advantage of your investment in a new technology solution, whether you’re just beginning the process of adopting it, or facing the challenges of upgrading, maintaining, and optimizing a system that’s already in place. Find out how with a complimentary consultation from GCInfotech.

Please contact us for more information or call 888-323-3066 to speak to our IT experts right away.

 

 

Published with permission from TechAdvisory.org.  SOURCE

 

Recent advancements in information technology have dramatically impacted the way law firms manage their offices.  As a result of these innovations, attorneys are now able to handle larger caseloads, have enhanced communications with clients, and easily sift through massive hoards of information faster then ever thought possible. The role that technology plays in the legal profession has become critical…and the growing complexity of technology cannot be ignored. Given the speed, sophistication and unpredictability of the new world of technology, So how does the average law firm executive manage to keep pace with and juggle all of the intricacies of their IT environment?

It’s likely that you’ve already considered hiring, or have in fact, hired an internal IT staff person. And it’s likely that additional salary, particularly one that is not billable, was a difficult and painful decision. Maybe there was this one person in the office who “knows a lot about computers” and was willing to take on the role.  Now, despite the fact that their primary job responsibility has absolutely nothing to do with technology, everyone in the firm is now relying on this person for help. Even a qualified outside expert who is brought in – even from another competing Law firm – will still have to now become familiar with your firm’s nuances and idiosyncrasies – and will bring a host of preferences and limitations.

Here’s are 8 things your law firm should consider when outsourcing their IT operations:

  1. Improved Reliability & Performance – Most outside IT firms utilize higher-end tools and best practices as they are in the heart of the industry and as a rule must stay on top of new innovations and latest and greatest technologies.  Hence they are able to identify and resolve the root causes to network issues more quickly than someone who is inside the firm.  This reduces any resulting downtime issues as well as the duration of outages that may occur.
  2. Skill-Set Sophistication – Outside firms are comprised of teams – not individuals.  Hence, in hiring a firm, by default you have access to a wide variety of knowledge, experience, specialization and skill sets. This ensures that all aspects of your IT needs can be met with the best and most current solution.
  3. Scaled Resources & Expertise –When outsourcing your IT operations, you’re leveraging a staff that is dedicated solely to fixing your computers, servers, internet, software systems, etc. They in turn spend money, resources and training time to ensure that the best service is delivered. You benefit from their investments – and save unmanageable costs associated with certifications, training, software licenses and education. This frees up time for you to run your business.
  4. Business Continuity – A good outside IT firm will monitor your systems 24x7x365.  They will also have resources on deck in the event of an emergency. An internal IT person, will offer the “illusion” of availability – but people take vacations, quit without notice – and in some cases without handing over passwords, documentation, knowledge, etc.
  5. Predictable Management Costs – Disasters are not predictable- and they can be costly – particularly if there is no disaster plan and disaster resource. With an outside firm, you won’t be caught spending unplanned lumps of money in a desperate situation (e.g. server crash). In these cases a set monthly budget can be used specifically for issue avoidance, prevention, and service optimization.
  6. Client Access and Visibility: Attorneys need to be available and accessible – 24 hours a day. For most clients, their lawyer is a lifeline, and knowing that their firm’s technical infrastructure is always at arms length can sometimes be the difference between success or failure. This runs across ALL technical aspects of the firm: email, phone systems, internet content, messaging, financial data, files and data access; any and all areas of client or potential client touch points are critical.
  7. Rock Solid Reliability: Law is a demanding and stressful profession. In order to justify their hourly fees, Attorneys cannot afford to spend any time or energy dealing with technology snafus. They require systems that have been properly engineered and work as expected all of the time so they are able to bill their hours to clients & not have to worry about lost hours on non-client related activities.
  8. Comprehensive Service Offering: Law firms need to be laser focused, and are best served by outside firms that provide complete end-to-end service technical expertise. One single point of contact for all technical needs offers the most efficient and user-friendly scenario. Whether it is email support, networking, software management, cloud services, hosting, telephone systems, messaging support, mobile application support, the cost of having to manage multiple specialists creates too many communication layers and can distract from client-oriented tasks.

Overall, outsourcing your IT operations allows firms to keep focused on servicing their clients. Whether you have 5 people or 500, there are plans available to fit any firm size, location or business needs. Make sure that the firm you select has the tools, experience, and expertise to keep your firm running at peak performance.

GCInfotech is proud to provide IT services for law firms in CT, New York City and beyond.  Call us 203 327 5700, send us email and we will reach out to you, or schedule your free IT systems management assessment.