Five Steps to Help Avoid Worst-Case Scenarios

Tip Sheet: Protecting Client Data

Law firms can’t afford to have anything less than an urgent approach to protecting client data. A single case of unauthorized access to a file or page of notes could potentially cost firms millions of dollars in recovery costs and a tarnished reputation.

You can help your firm by making document control and security a top priority. Here are five actions to consider when you get started.

1. Conduct a comprehensive workflow analysis.

Review and document everything that happens with documents that have sensitive client information.
Consider questions such as:
Where are they stored?
Are they indexed and classified?
Are they secured while in use, in transit, or at rest?
Who has access to them?
If you don’t have a way of obtaining this information, talk to a professional familiar with document workflow security. This capability is beneficial in today’s environment of increasing cybersecurity threats.

“The legal industry needs to be smart about data protection, and unfortunately it's my belief that law firms don't always take the appropriate precautions.” – Jared Staver, Staver Law Group

“To secure your data, you first need to know where it is. Identify sensitive information and track where it is stored, processed, and transmitted. Make sure to include mobile devices and USB drives.”

Source: Digital Guardian, “Law Firm Data Security: Experts on How to Protect Legal Clients’ Confidential Data,” Feb. 16, 2018

2. Use only vendors that offer products and solutions THAT ARE ALIGNED with the firm’s workflow-security standards.

Seek vendors that can provide a system for tracking who is handling workflow documents and what they are doing with them, i.e., scanning, copying, printing, distributing. Implement solutions that can track paper files, digital files, email attachments, and other documents that contain sensitive client information. Exposure can happen at any point during a firm’s possession of the information.

In the event there are questions about how a document was used and handled, you need a solution that provides fast and easy access to that information.

MOST COMMON TYPES OF SECURITY POLICIES AT LAW FIRMS

60%

documents/record management and retention

56%

email use

51%

internet use


Source: American Bar Association 2017 Legal Technology Survey

3. Leverage your office equipment’s security features.

Using document-workflow solutions and office equipment that have easy-to-use security features (such as badge scanners on printers) can help restrict document access to authorized personnel within the firm, and protect data from inside breaches. Task your IT staff or enlist a Canon certified specialist to “harden” your devices by activating the extensive security feature sets that reside within the equipment to help limit penetration from the outside.

It’s especially important that office equipment has security features that are transparent to users and are not otherwise disruptive to workflows. Smooth and continuous operations are important to law firm performance and financial health.

EMPLOYEE GROWTH CAN BE A SECURITY RISK

60%

of law firms believe headcount growth is a requirement to stay competitive

Source: Altman Weil, 2018 Law Firms in Transition Survey, 2018

4. Provide stakeholders with secure and intuitive file-sharing tools.

High-risk practices that professionals may use include emailing case documents back and forth on unsecured networks and/or relying on the use of USB drives which can contain malware. By giving your firm’s team easy-to-use mobile document sharing tools with user verification, you can help them adopt security features that still allow them to be fast and productive. This is an important capability, because transferring files with mobile devices occurs more often today.

Innovative solutions employ a variety of methods for securing client data, such as using a unique release code that can be sent directly to a compatible smartphone or another mobile device. The user can then enter the release code to access a document or send a document directly to a printer or copier within the firm.

Smartphone Usage is Exploding

77%

of Americans own smartphones.

Source: Pew Research Center, “Mobile Fact Sheet,” February 5, 2018

5. Look for opportunities to control costs as you choose TECHNOLOGY INVESTMENTS.

Partners sometimes must be convinced to invest time and money in new resources, even for something as crucial as client privacy. One way to increase the likelihood of support is to identify ways to control the cost of acquiring and using security solutions, such as leveraging advanced security features within existing equipment to harden their security profile when possible. Look for a document-security platform that is expandable and can be used with a wide variety of brands of printers, copiers, and other office technology.

Ultimately though, comparing the cost of a security solution versus the effects of the monetary and reputation losses from a data breach might be the most compelling business case for investing in security.

A Data Breach Could Cost More Than $7 Million

$7.91 million

Average total cost of a data breach for U.S. organizations in 2018

Root Causes of a Data Breach in 2018:

48%

malicious or criminal attack

25%

system glitch

27%

human error


Source: Ponemon Institute, 2018 Cost of Data Breach Study, July 2018
*based on benchmark sample

Client Documents Need Comprehensive Security.

Don’t leave document security to chance. Using a unified platform that provides security, access control, and ease-of-use for document and workflow management can help ensure only authorized people can access sensitive content.


Canon U.S.A. and Canon Solutions America do not provide legal counsel or regulatory compliance consultancy, including without limitation, Sarbanes-Oxley, HIPAA, GLBA, Check 21 or the USA Patriot Act. Each customer must have its own qualified counsel determine the advisability of a particular solution as it relates to regulatory and statutory compliance.

Canon products offer certain security features, yet many variables can impact the security of your devices and data. Canon does not warrant that use of its features will prevent security issues. Nothing herein should be construed as legal or regulatory advice concerning applicable laws; customers must have their own qualified counsel determine the feasibility of a solution as it relates to regulatory and statutory compliance. Some security features may impact functionality/performance; you may want to test these settings in your environment.

Neither Canon Inc., Canon U.S.A., Inc. or Canon Solutions America, Inc. represents or warrant any third-party product or feature referenced hereunder.

As of December 2018.