We are all aware of the theft of a massive list of customer emails from Epsilon, a third-party marketing company. We also know how damaging this can be for companies like Epsilon, and the companies that do business with Epsilon (companies like Walgreens, TiVo, Capital One Financial Corp., JPMorgan Chase & Co., Verizon Communications, even Sears). A scandal this big is embarrassing, can cost millions of dollars in lost business, and subjects the company to an inordinate amount of risk. What’s it mean for your law firm?
Within the confines of your IT environment is a plethora of goodies for the bad guys to steal. Your clients, their email addresses, their social security numbers and all your other intellectual property for starters. You need end to end security that works 24/7/365 – because, let’s face it, the bad guys aren’t thinking about changing careers.
It’s not that Epsilon didn’t leverage these tools but I figured I would compile a small list of things that any law firm could benefit from, whether you’re a sole-practitioner or a 100 attorney firm. Here are a few of those must-haves:
Anti-virus, anti-malware, anti-spyware & anti-spam
When it comes to all the anti’s out there, each has specific purpose in life. Accordingly, you’ll want a product that bundles them together instead of buying them separately and/or from separate manufacturers. The reason you want this is because it’s easier to ensure uniform coverage throughout the environment, there are less moving parts to manage and when you use different manufacturers for various tasks, the systems can compete with one another rendering each other useless. Plus, buying separately usually costs $20 per suite; get all four together and your cost is reduced to about $50 for all four suites. Doesn’t seem like a big deal but when there are 20 workstations it adds up. Try $600 per year in savings plus better security.
A dedicated internet firewall
A firewall is a device that denies malicious intrusion into your environment. Since intrusions result in theft and in damage, it’s important to put a firewall in to reduce the chances of being damaged. There are two types of firewalls: a software based product and a hardware device. A hardware device is preferred because it stops entry before it enters your environment, whereas a software firewall (usually integrated into you’re a/v console) allows entrance into the environment where the intrusion is denied at the individual workstation or server level. We prefer not even allowing it to travel in the network. At a minimum you’ll want at least one of these solutions at your firm.
People often underestimate the impact spam has on workflow. Say each of your ten attorneys gets ten pieces of spam per day, each works 250 days in a year and each spends five seconds identifying and then deleting each piece of spam. That equates to almost 35 hours of time wasted clicking the delete button. Factor in a billable rate of $150 and your potential loss is $5,250 in a single year. Deploying a spam filter usually costs about $5 per month per person, so for ten people the cost would be about $600. Also, it’s just bad policy to have spam in the environment as it is; spam is loaded with bad links and viruses, not to mention it can result in the accidental deletion of non-spam emails from your clients.
Intrusion prevention is a form of security that monitors both network traffic and activity, aiming to catch the bad guys before they steal your stuff by using sophisticated behavioral analysis. Typically, if hackers can get into your server they use the server to host bogus websites that steal people’s money (sometimes called Phishing). Once caught, this gets the firm’s domain blacklisted and then the firm is in a world of hurt. Your security solution should look to add this to the portfolio of other tools you use to secure the network. Not all a/v manufacturers offer this and you should look to see who does and doesn’t when shopping for the products you want to use to increase firm-wide IT security.
Managed Services is one of the fastest growing sectors of the technology industry. Law Firms need more predictable, proactive IT services to deal with rampant security threats, evolving technology, and to level spending patterns. A Managed Services Provider (MSP) will often be alerted of a virus infection or security threat before anyone if your firm even knows about it. Here are a few tips for selecting a good Managed Services Provider.
These are just a few of the things you’ll need to prevent an Epsilon-Gate at your law office. All of these tools can usually be bundled through a single manufacturer which helps lower your yearly security costs while reducing the likelihood of a civil war between you’re anti-virus, anti-malware, anti-spyware and anti-spam. For more security tips, check out one of our older posts on suspicious emails.