The cutting-edge information age is a great help to law and accounting firms, but it also creates a new set of security concerns for protecting their vast amount of confidential information.
“As more and more documents are being communicated and stored electronically, we can’t ignore security,” says Ken Jones, IT director at the Butler, Snow, O’Mara, Stevens & Cannada law firm in Jackson. “There are some key things to ensure security. The basic one is to make sure all systems are properly protected with passwords. I am amazed at the machines left open 24 hours a day.”
Dave Bufkin, IT director with HORNE LLP, sees protecting information as a constantly changing challenge.
“The number one issue is data integrity and safety, making sure we have the right information safe and only appropriate people have access to it,” he said. “The challenge is to make sure we have the right electronic measures in place and make sure the data doesn’t leave through employees taking laptops out of the office. We try to limit the data that goes out on laptops.”
Rick Bass, an attorney with the Phelps Dunbar firm, sees protecting sensitive information as one of the hottest topics in the electronic age. “We recently moved all our hardware for disaster protection to the middle of the country,” he said. “It’s a big security measure and affects our ability to serve our clients. We also have technical people in-house charged with securing our information.”
Jones cautions about the practice of employees putting information on jump or flash drives, which are the size of key chains and easily lost or misplaced. “With these devices, data can be taken with people very readily, especially flash drives,” he said. “Employees must take measures to encrypt and secure data.”
He also sees problems with a lack of Internet security and home access to firm information.
“Most home computers are not secure at all,” he said. “If people are allowed to take data home, it must be secured as more people now work from home. Others in the home may have access to the information, too, and home computers may be infected with viruses.”
E-mail, Jones warns, is sent as open text unless steps are taken to secure it. “There are many ways it can be compromised,” he said. “E-mail can be encrypted. Not all people support that, but we’re seeing it more and more in all size businesses. That way, if the wrong person gets it, it looks like garbage.”
Bufkin suggests that having all data in a secure, central network with employees logging in from remote locations is helpful. “We have learned lessons from Katrina of how to recover data with no redundancy,” he said. “If one location is down, others can continue to work, and employees can work remotely if they have to evacuate.”
He said the HORNE firm has also beefed up network security and has multiple safe and secure ways users can get on the network.
Danny Van Horn, an attorney with Butler Snow, says the speed and ease of communication today with cell phones with cameras, text messaging, blogs and e-mail make it easier for employees to quickly take with them confidential company information and harder than ever for employers to protect their information.
“It is even more important for employers to password-protect computers and databases and to have policies as to which employees have access and the limits of that access,” he said. “The Federal Computer Fraud and Abuse Act makes it a criminal offense and gives employers a right to a civil cause of action if another person accesses their computers without authorization or exceeds the authorization given to them.
“Practically speaking, companies must define access and take measures that would protect the information and show that the access complained of was either unauthorized or exceeded the authorization given.”
Contact MBJ contributing writer Lynn Lofton at email@example.com.