The first thing a law firm does when it thinks about protecting client data is to do everything it can to fend off outside threats. Time is spent deploying complex security systems and cameras, locking files in bulletproof safes, and installing and configuring strong encryption and passwords for data on company servers. However, the outside threat is rarely the one the firm needs protecting from. It’s on the inside that things get more frightening and more devastating.
Numerous cases have appeared where client data was compromised by the firm’s own employees and put to malicious use, such as identity theft and theft of money.
How can a law firm protect itself from within?
Limiting File Access
In smaller firms and solo practices, having a file control system would be overkill. However, as a firm grows in size, so does the number of people who have access to the data. Is this necessary? Can everyone see the client’s data? If you had a file clerk to control and monitor your client’s files, you would be able to limit access and be better prepared to pinpoint the culprit in case someone misuses the information.
The same could be said for server and computer data access. It’s critical to know who has access to what as your law firm grows. In addition to this, consider investing in an encrypted storage system.
Prevention is the best medicine. The same rings true when it comes to security. Review access logs on a consistent basis for unusual access behavior. It’s best to know before an incident happens rather than to respond after the fact. Also, keeping a closely monitored system in place will encourage employees to keep their interests strictly on what they are supposed to handle.
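As an added example (not part of the original article), the Python below shows one way to run the access-log review described above: it compares each file access against the list of people assigned to that client matter and flags unassigned or after-hours access. The log format, user names, matter numbers, working hours and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: who is assigned to which client matter.
ASSIGNMENTS = {
    "alice": {"M-1001", "M-1002"},
    "bob": {"M-1003"},
    "clerk": {"M-1001", "M-1002", "M-1003", "M-1004"},
}

# Constructed log lines in a hypothetical "timestamp user matter action" format.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice M-1001 read
2024-03-04T10:40:00 bob M-1003 read
2024-03-04T11:05:00 bob M-1001 read
2024-03-04T23:47:00 alice M-1002 copy
2024-03-05T14:00:00 bob M-1002 read
2024-03-05T14:02:00 bob M-1004 copy
malformed line
"""

def review(log_text, assignments, work_hours=(7, 19), max_unassigned=2):
    """Return (findings, skipped): flagged accesses and unparseable lines."""
    findings, skipped = [], []
    unassigned = defaultdict(set)  # user -> matters touched without assignment
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            user, matter, _action = parts[1:4]
        except (ValueError, IndexError):
            skipped.append(line)  # keep unparseable lines for manual review
            continue
        if matter not in assignments.get(user, set()):
            findings.append((user, matter, "not assigned to matter"))
            unassigned[user].add(matter)
        if not work_hours[0] <= ts.hour < work_hours[1]:
            findings.append((user, matter, "outside working hours"))
    for user, matters in sorted(unassigned.items()):
        if len(matters) > max_unassigned:
            findings.append((user, ",".join(sorted(matters)), "repeated unassigned access"))
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = review(SAMPLE_LOG, ASSIGNMENTS)
    for user, matter, reason in findings:
        print(f"{user:6} {matter:20} {reason}")
    print(f"{len(skipped)} line(s) could not be parsed")
```

Lines that cannot be parsed are returned separately rather than dropped, so a gap or corruption in the log is itself visible to the reviewer.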
Regular random drug tests will weed out any drug addicts who work in your office. While there is great controversy on this subject, the fact is that someone who is addicted is more prone to become a liability to the firm and the clients – it is only a question of time.
Lie Detector Tests
All employees who sign up are made aware of the condition that a polygraph test may be required of them at any time, for any reason. While not a 100% accurate method of screening for malicious intent, the idea of a polygraph examination is an effective deterrent against unlawful activity.
When hiring anyone, you should think first about the risk/benefit that a person brings to your company. If you’ve hired someone who has a past criminal record and either gave it a pass or didn’t perform the background check in the first place, your firm’s liability has increased either way. The question isn’t “if they don’t commit another crime”. A business is not about second chances or excusing past behavior. It’s about providing a service and keeping the firm operating. Without a background check you put both these things at risk.