Law firms and EU GDPR is the hot topic of the moment. On the 25th of May 2018, the new regulations will come into force and that leaves little time to prepare.
My two earlier articles on this subject looked at what the regulations mean and how you can prepare in terms of policies and procedures. This article focuses on four potential practice management headaches that, if not handled correctly, could put you in breach of the regulations and incur fines:
Let’s take a look at each one in turn.
First of all, cyber-security There has been much in the press recently about cyber-attacks and ransomware. The threat is not one to take too lightly.
Criminals target law firms specifically because they regard them as a “soft touch”. This fact has increased the frequency of cyber-attacks on the legal profession. The next stage for the criminals is not only to demand payment for unlocking encrypted data but also to start selling the data online. In fact, this is already happening.
GDPR will usher in increased fines for instances where client data becomes compromised. So, what can you do to keep your data safe? It all starts with staff training. Keep your employees up-to-date about ransomware and phishing attacks. Make sure they know how to identify suspicious emails and how to deal with them.
Training goes hand-in-hand with strong security measures. Your staff are only human and humans eventually get caught out. Install the latest email security and web filtering technology and make sure you keep it up to date. You can find out more about these from your IT specialists.
Outdated software is probably the key vulnerability that lets cyber criminals gain access to your systems and files. The most extreme manifestation of this is software that is so old that the supplier no longer supports it. When updates and security patches are no longer being provided, it really is time to replace the software.
From a GDPR standpoint, the correct way to go about things is clear. Firstly, eliminate all unsupported software and replace it. Secondly, regularly update all supported software.
If you have a case and practice management system housed on your own in-house servers, make sure updates and patches are applied immediately they become available. If you operate a cloud-based system, life is much simpler as all updates are automatically applied for you.
Train crashes do happen – usually because systems and protocols become compromised due to laxity. The same is true when it comes to the security of your data. It’s one thing to have the systems in place but it is essential to make sure they are being adhered to.
A missed security patch or software update is often the key that opens the door to cyber-attacks. To prevent this, you can take several measures:
And on the subject of passwords, use strong ones – no matter how inconvenient many people find this. The disruption caused as a result of a breach of security and the fines under GDPR will be costlier than this minor inconvenience.
Disaster recovery planning begins with backups. Perform these at regular intervals and store backup media somewhere fire-proof and preferably off-site.
Properly orchestrated disaster recovery allows you to get back to where you were in the shortest space of time possible. Time is the key factor. If your recovery and data restoration options mean your systems could be down for several days, perhaps it’s time for a rethink. The continuity and well-being of your business are just as important as the security of your data.
If downtime becomes a critical factor in your disaster recovery analysis, there is an alternative. Cloud-based practice management systems are updated and patched instantly. Backups take place many times each day – and usually in triplicate. Essentially, this means that you don’t have to worry about lengthy data recovery times. You just move seamlessly to a secondary environment which is a carbon copy of the original.
To get a fuller appreciation of the implications of EU GDPR, DLA Piper has produced a detailed report which you can view here. In particular, Article 5 of the new regulations states that all personal data must be: “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”. You can find out more about this and other aspects of GDPR from the Information Commissioners Office by following this link.
© LawWare Limited 1995-2018
Our clients range from small start-up legal practices to multi-partner, multi-site firms.
Another great customer service experience from LawWare. My laptop had to be stripped back to factory settings as part of a repair - taking hours! In contrast, restoring LawWare took one phone call to the support team and I was up and running in 6 minutes. If only everything was so easy!
As the first commercial user of LawWare back in 1998, we have had no hesitation in remaining with the product through its development. We thoroughly recommend it to any firm looking for a practice management system.
The helpdesk is exceptionally good. Whatever the query there is always a human being there to help. No leaving messages or being advised to go to a website. The best computer service for solicitors I have ever used!
The linking of documents and casefiles saves so much time! I have experience of several accounts packages and I like that LawWare is simple to use and easy to learn. Support is quick and effective and staff are helpful and courteous.
I have worked with a number of Case Management providers over the years but have not come across anything with the attention to detail and thoroughness of LawWare. My colleagues and I have not been disappointed.
I can’t imagine trying to be a law firm in the 21st Century without 21st Century IT systems. Having a ‘single system’ that underpins all the work, whether we are in the office or out, is an integral part of what we are building.
The level of support is the main benefit using this system. The system itself once you have had training is simple and easy to use. We have a great relationship with LawWare and the ongoing support is second to none.
Significant preparation was required to configure and import the data from our old firm. We had to get all clients onto the new system and then learn how to use it. We just find it very easy to use, much easier than our old system.
Being a busy litigator with a growing firm it is incredibly useful to be able to view my files from any location with some form of internet connection. I am a fan, and want to keep working with LawWare to make a good product great.
The switch to the new LawCloud system, which is still on-going, has gone very well. We found the LawWare team without exception to be very helpful and knowledgeable. All queries are followed up and dealt with promptly.