Wednesday, February 19, 2014

Cyber-Security: How to Protect Your Clients

The recent Target data breach is bringing the issue of data protection to the forefront of business concerns.  As a result , a number of nationally recognized organizations that specialize in security issues are investing in an effort to better combat data phishing.  Target has invested $5 million in a multi-year campaign for this effort.

So what should law firms do to ensure they are diligently protecting client's personal data?  Here are some tips:
  • Don't collect what you don't need.  Thieves can't steal information you don't have.  Destroy information responsibly once you close a file on a client. 
  • Obtain a third-party seal that verifies your business uses an appropriate level of security to protect your website and any Internet transactions.  This visual tool will help clients feel you are taking their private information seriously.
  • Make sure whatever information you communicate to your customers about how you protect their data is accurate and up-to-date.
  • Don't store magnetic stripe cardholder data or the CVV or CVC code after authorization and don't store cardholder data in an unencrypted clear text systems. 
  • Update virus protection and security software.  Ensure all anti-spyware, anti-malware, and security software are up to date for ALL computers in the firm, and any used off-site that store client files.
  • HAVE A PLAN.  Know what actions you will take if a data breach does occur.  Not only will this help prevent future data loss and penalties but it will help maintain client confidence in the firm.

No comments: