
Best Practices for Law Firm Data Security and Client File Privacy [Guest Post]

This article is for informational purposes only. It is not intended to be used in place of professional advice, treatment, or care in any way. Lawyers, law students, judges, and other legal professionals in Massachusetts can find more on scheduling a Free & Confidential appointment with a licensed clinician here.

Data security is critical for lawyers. Here’s how to start managing this risk as proactively as your clients and ethics standards deserve.

We thank the team at for this helpful guest post. Before jumping into this practical primer, check out the extensive writing on data security Heidi has published here on our blog, and plan to get caught up.

An Update on the Massachusetts Data Privacy Laws [Secure Your Data: Part 1 of 3]

Top Digital Data Security Tips [Secure Your Data: Part 2 of 3]

Encryption Basics [Secure Your Data: Part 3 of 3]

Data Protection on the Go: Security Tips for iPhone Users

5 Steps to Minimize Data Breach Risks in Your Law Practice

.   .   .

Lately, law firms have increasingly found themselves the victims of computer hackers trying to steal private client information. As hackers become more sophisticated in their skills, and more ruthless in deploying them, firms must take strides to secure law firm and client data.

There are ample reasons for doing so. For example, law firms have an ethical obligation to keep client data private. According to ABA Model Rule 1.6(c):

    “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The ABA doesn’t, however, clearly define what “reasonable efforts” look like. As a result, firms are left to decide how to best protect client secrets and information on their own. As you might imagine, these efforts have met with spotty success. Approximately 80 percent of large law firms have suffered from some form of data breach.

5 Best Practices for Law Firm Data Security & Client File Privacy

Here are five best practices for law firms in securing private information. We encourage you to analyze your firm’s security protocols against this list and incorporate any missing elements into your firm’s efforts.

    1. Encrypt your files. Within minutes, you can easily set up file encryption on your computer, tablet, and smartphone. There are no (valid) excuses to ignore this step. It is easy to implement and free (or nearly so).
    2. Use secure Wi-Fi connections. Set up a virtual private network (VPN), which provides you with a secure connection to the Internet. Also, visit sites with SSL certificates whenever possible. In the absence of these security steps, anyone sharing a Wi-Fi network with you can see what you’re doing online.
    3. Set up two-factor authentication for online accounts. Two-factor authentication makes it more difficult for hackers to access your key accounts. It requires both a password and a unique code tied to something you have, like your phone.
    4. Use good passwords. At Lawyerist, we define a good password as one that is “unique, not found in the dictionary, long, and contains letters, numbers, and symbols.” To be “unique,” you’ll need a different password for each account you own. Sound horrible and untenable? Well, it isn’t. For the greatest protection, use a random password generator; one often comes built into easy-to-use password managers like LastPass, 1Password, Dashlane, and KeePass.
    5. Watch out for risky emails. Email threats are increasingly sophisticated, with hackers finding ways to make fake emails look real. Look for emails with obvious grammatical and spelling mistakes. As for those offers that sound too good to be true? They are. Don’t bite.
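
The "good password" definition in item 4 can be checked mechanically. The sketch below is an added example, not part of the original guest post: it generates a random password and audits a set of accounts against the four criteria. The 16-character minimum, the tiny word list, the sample accounts, and all function names are assumptions made for illustration.

```python
import secrets
import string
from collections import Counter

MIN_LENGTH = 16  # assumption: the article says "long" without giving a number
SYMBOLS = "!@#$%^&*()-_=+[]{}"
# Constructed stand-in for a real dictionary word list.
SAMPLE_WORDS = {"password", "lawyer", "summer", "welcome", "boston"}
# Constructed sample data: account name -> password.
SAMPLE_ACCOUNTS = {
    "email": "Summer2019!",
    "billing": "Summer2019!",
    "dms": "k7#Vq2!xZp9@Lm4$Wd",
}

def password_problems(password, words=SAMPLE_WORDS):
    """Return the criteria from the article that a single password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbols")
    if any(word in password.lower() for word in words):
        problems.append("contains a dictionary word")
    return problems

def generate_password(length=20):
    """Draw from the OS CSPRNG until the result meets every criterion."""
    length = max(length, MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate

def audit_accounts(accounts, words=SAMPLE_WORDS):
    """Map each failing account to its problems, including password reuse."""
    counts = Counter(accounts.values())
    report = {}
    for account, password in accounts.items():
        problems = password_problems(password, words)
        if counts[password] > 1:
            problems.append("reused on another account")
        if problems:
            report[account] = problems
    return report
```

Run against the constructed sample, the audit flags "email" and "billing" for a short, dictionary-based, reused password and passes "dms".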

In our expanding digital age, technological competence is a prerequisite. Take an hour or two to learn about computer and Internet safety. Then, at a minimum, implement the simple steps we have outlined above. You have practical and ethical reasons to do so, for both your firm and your clients.

Get Help Securing Your Firm’s Data

If you’d like additional information about implementing law firm data security and client file privacy measures, we welcome you to download our 4-Step Security Upgrade whitepaper. It will walk you through many of the steps outlined above in greater detail. And while these best practices will not make your data impregnable, they will avert the most opportunistic hacking attacks.

And before you go, one more resource from us at LOMAP for Mac users – How to Secure a Mac-Based Law Practice, an edition of Webinars for Busy Lawyers presented by Tom Lambotte.

.   .   .

This post was delivered by the team. Lawyerist is home to the largest online community of solo and small-firm lawyers in the world, where we help lawyers start, manage, and grow successful practices.
