Written by: Brad Gabriel
Most law firms in Australia boast state-of-the-art multifunctional digital printers and photocopiers in their offices. The promise of performing technological feats at impressive speeds means that these machines are regarded as an office staple in today’s data-driven law firm environments. Unfortunately, however, not every law firm is aware that these very same machines contain hard drives that may pose high data security risks. EVERY document that is processed through such a multifunction device is stored as an image file on its hard drive, which can be hacked at any stage.
A security breach, as we all know, can very quickly jeopardise a law firm’s reputation and have potentially serious professional, legal and financial consequences.
Law firms process copious amounts of data on a daily basis, and a fair proportion of it is highly personal and sensitive (identity certificates, bank records, contact details, utility records, pension information, income tax information, asset ownership information and intellectual property information, to name only a few). For identity thieves and information hackers, exposed information is a treasure trove. Data stored in a digital printer or copier is most vulnerable when the machine is discarded or disposed of, as residual data remains on the hard disk until it is properly wiped. Even worse, some machines are refurbished, recycled and sold onwards!
What about Security Standards when Outsourcing?
So, if data stored and processed in-house on one’s own equipment is not safe all the time, is security guaranteed when data processing and handling is outsourced? The answer will depend on how much emphasis your chosen service provider places on issues surrounding information vulnerability.
Data security questions are among the first questions that should be asked of any outsourced provider.
“Where is the data going, where is it going to sit, how is it protected, who is going to see it, what are you going to do with it, how are you going to do it?”
The ISO 27001 Information Security Management certification provides a framework for security standards to be adhered to. The certification process requires a comprehensive evaluation of operations to determine how information is managed and the security controls that are in place. Successful attainment of the certification demonstrates that high levels of security are in place to protect information. As the most widely accepted certification available for supporting information and physical security and business continuity in Australia, ISO 27001 ensures that:
- risks and threats to the business are assessed and managed;
- physical security processes such as restricted/named access are enforced consistently; and
- audits are conducted regularly at each site that include tests of security and CCTV planning and monitoring.
“Since receiving our certification in 2012, information security has become a major focal point of our business processes. This focus has proved transformational in the development of our software, services and methodologies, and remains a key reason clients select LitSupport for their litigation support projects.”
Brad Gabriel, General Manager at LitSupport
The issue of security around data is no longer just a fashionable hot topic and has been identified as one of the top priority concerns for law firms in Australia. Security experts continually warn that “Australian law firms are putting themselves at risk of cyber blackmail by failing to adequately protect client data.”
Prudence pays, no doubt, but if you select a business partner that understands the priorities of law firms and conforms to its own high standards and industry best practices, data security concerns need not be as complicated as one thinks!