What are the Considerations?
Your practice is likely to contain a combination of digital and analog material. Aside from records, your practice will also have equipment such as computers, storage media, and other tools that can be harmed by catastrophic events.
Hazards such as fire, flooding, theft, or careless disposal of material can be equally devastating to on-site computers as they can to on-site paper files. Computer data is also susceptible to viruses, hackers, spyware, and other malicious agencies from the internet.
- Does your practice require connecting computers to a centralized server (client/server storage and retrieval of electronic files, use of centralized applications, etc.)?
- What type of hardware and software is required, such as accounting and case management software? And what type of training is necessary for you and your staff to effectively use the software?
- What data file protection for backup and disaster recovery is in place?
- Do you have access to reliable technical support?
- Is your network secure? It is essential to consider both the physical security of the computers and equipment in your office, as well as the security from the risks inherent in connecting to the internet.
It is very important to ensure your support staff understand and follow your policy for risk management of information and the use of technology. If staff leave or are fired, passwords on your system must be updated to protect your confidential information and intellectual property.
Take the time to consider how you will be able to continue providing legal services if something happens to you or your primary place of business. If, for example, your office equipment is stolen:
- Are you equipped to work from your home?
- If you have support staff, are they capable of working from home for a period?
Similarly, what will you do if your computer system is rendered inoperative for a period?
You must develop practical solutions to minimize loss of equipment or data, (e.g., installing sprinkler systems where appropriate, using fireproof cabinets, burglar alarms, firewalls, and antivirus software, etc.) and develop methods to recover from that loss, like storing copies of critical information and backing up digital information off-site. Keep in mind that some safeguards may pose their own risks. For example, a sprinkler system might stop a fire but damage paper files or computers.
A Sample Checklist
The following is a sample checklist. It is not exhaustive.
Consider these technology issues:
- Determine what type of computer you need, and how many, as well as what peripheral devices are required (e.g., printers). If you operate multiple computers, determine whether you need a centralized server.
- Determine what software programs (e.g., word processing, practice management, accounting, etc.) best suit the needs of your practice.
- Consider taking courses or tutorials to learn how to best utilize the software.
- Before you connect your computer to other computers, make sure you have firewall and antivirus software installed.
- Make use of passwords, keep them secure, and change them regularly. Your staff must also be reminded of this.
- Don’t let your security software become obsolete. Update your security software regularly.
- Ensure that you use an operating system that is sufficiently current to provide robust security features.
- If using a laptop, protect its contents with passwords, or store the confidential information in a password-protected and/or encrypted removable storage device.
- Seek professional assistance if you don’t have the technological skills to ensure the security of your equipment and information.
Establish a system for ensuring you and your staff use technology responsibly:
- Create a policy for using computers and technology, including one for working from remote locations, and make sure staff are familiar with the policies. Keep in mind that most people now have access to work email/files on their smartphone. Passwords and policies with respect to phones are also necessary.
- Make sure staff are sufficiently trained to use the software you have installed.
- When staff leave or are terminated, ensure their access rights are terminated.
- Establish a policy for use of your computer equipment by staff for non-work purposes to reduce the risk of viruses, Trojans, keystroke counters and other malware.
Engage in proactive information management:
- Establish a system for regular backup and capture of information, whether to an off-site server, to a digital storage media kept off-site or locked in a fire-proof cabinet, or to a secure cloud-based solution.
- If you have critical information in paper form (e.g. original wills), store copies in a fireproof safe or other similarly secure storage.
- Establish a system for file retention and destruction and integrate reminders into your computer system.
- Arrange technical support from a professional who is familiar with the special issues lawyers face regarding confidentiality and trust rules.
Want more information?
You can find more information on reliable management of digital files in Digital File Management – Practice Tips and best practices for cloud computing in Cloud Computing Guide.