2019 New Year Preparation: What Every Law Firm IT Professional Needs to Know
As the new year begins, it's time to make sure that all of your policies and systems are up to date. Now is the perfect time to review and update or add any necessary systems and policies to ensure your data is secure.
January 18, 2019 at 07:00 AM
6 minute read
A new year is upon us, and as the calendar flips over, many people take time to assess where they are and where they want to be in the coming year. The same exercise can be a useful one for law firms, particularly in the areas of technology and security.
As we head into 2019, law firm IT professionals should take the time to define the firm's goals in the next year and determine how the firm can set itself up for success and security in the IT realm. In order to best prepare for the new year, your focus should be on making sure that your systems are secure and up to date, your data is backed up, and your users know how to spot potential security threats.
|Is Your Data Secure?
While that may sound like a simple enough question, there are many policies and procedures that go into securing data in a law firm IT environment. As the new year begins, it's time to make sure that all of your policies and systems are up to date. Now is the perfect time to review and update or add any necessary systems and policies to ensure your data is secure.
While IT environments vary from firm to firm, there are some things that all law firms should be reviewing now in order to set themselves up for success in the coming year.
Security Training: All employees should be required to complete annual user security awareness training. Even if such requirements are in place, it's important to make sure that they are actually met. Review your training records—whoever hasn't taken the training in the past year should be first in line to take it this year. All employees should be scheduled to retake the training at some point over the year. After all, your first line of defense against threats is your users, their ability to think critically and to spot phishing and malware threats before they become problems.
Network Policies: Your users may be your first line of defense, but they can also be a weakness if they're opening your system to threats, even unintentionally. To help curb that possibility, you should review your network policies, update them as necessary, and make sure that your users fully understand them.
Passwords: Passwords are the most direct means of accessing data, and therefore they should be changed regularly to ensure that only those who should have access actually do. Administrative, user, and services passwords should be changed system-wide for the new year. Going forward, they should be changed on a regular basis. If you don't already have a password-change policy, you should implement one in the new year, ideally requiring that passwords be changed every 90 days and are comprised of complex characters.
Wireless: The same notion goes for your wireless network. If your network has a shared password, consider changing it for the new year and resetting it on a regular basis going forward.
Administrative Accounts: In addition to changing passwords, you need to make sure that your administrative accounts are active and that only necessary accounts are enabled. On the flip side, be sure that only active users and employees have access to your systems. An HR review of user accounts can easily identify valid and active employees, which is useful, because IT departments are not always informed of personnel changes.
Upgrades: Software and systems need to be regularly upgraded in order to take remain protected from the latest security threats and take advantage of available functionalities. If your systems and software are not up to date, schedule an upgrade now. Going forward, you should consider implementing a schedule for software upgrades, ideally every month or as critical patches become available.
Equipment Review: Just like your software, you want your hardware to be up to date. As the new year begins, do a review of your physical equipment to create a current inventory of what you have. Once you have that, you can discard equipment that is old or unused, and make better decisions about your infrastructure needs going forward.
Backup Systems: Adequately backing up your data is crucial to security. You may have backup systems or disaster recovery plans in place, but when is the last time you checked to see if they actually work? The new year is the perfect opportunity to do an audit to ensure that your systems and critical data are, in fact, backed up and can be recovered if necessary. The best time to test a business continuity disaster recovery plan in place is before you actually need it and before your clients ask for it.
Anti-Virus Measures: Many firms rely on software to help keep out intruders and stop malicious attacks. Going into the new year, review the various anti-virus solutions, firewall systems, and host intrusion prevention systems that you have in place to make sure that they are not just up to date, but performing the tasks you need to meet your security objectives.
Mobile Devices: When it comes to law firm IT, few areas have changed as drastically in the last decade as the expanded use of mobile devices. Chances are, your users are using lots of them, and have probably changed the mobile devices they use in the past year. Run a review of the mobile devices that have connected to your system, and delete or purge those that have not connected in a while. Mobile device management starts with active monitoring of exactly which devices are being used to access your systems and data.
Physical Security: While law firm IT departments typically devote most of their time to security systems and the firm's virtual presence, it's important not to forget your physical environment. The new year is a good time to test things like your smoke alarms, UPS (uninterrupted power supply), and security cameras.
In an organization as complex and with as many moving parts as a law firm, there are countless factors that go into securing data. By starting with the measures outlined above, law firm IT departments can ensure that they are in a good position going into 2019 to accomplish their security goals for the coming year.
If your firm's IT department institutes the right changes and upgrades now, you'll look back on 2019 as a success as it relates to data security.
Eli Nussbaum is a managing director at Keno Kozie Associates. He joined the firm in 1998 as part of its Y2K audit team. Eli then became a full-time engineer and has held every position within the department. During his tenure with Keno Kozie, he has focused on physical, virtual and cloud infrastructure design and implementation for both client and desktop environments.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250