As more and more law firms have moved to mobile computing via laptops, tablets and smartphones, there has been a tendency to forget about security for the computer infrastructure, usually back at the office, which supports all this mobile access to information.
But as this tip is being written, there has been a rash of thefts of servers from law offices in Portland, Oregon. The thieves seem to be looking for information, and may possibly know where to find what they’re looking for, since the only thing taken in the robberies is the servers – not the desktop computers used by the staff.
As a part of your obligation to keep client information confidential, take a careful look at the set-up of your computer network. Make sure that servers are kept in a locked room, that the location of this room is not obvious to clients or causal visitors, and that keys to the server room are locked away in another office rather than left in the door or in a drawer nearby.
Make sure that the server has a strong password and, if it is reasonably new, you might also consider encrypting all your data, however, this will reduce the speed with which documents open and can be saved.
While you are not ethically required to protect confidential information against any and every potential attempt to steal it, the more physical barriers you can erect between a thief and your servers, the better off you and your clients will be.
You don’t need to make it completely impossible for someone to steal a server, you just need to keep them busy long enough for the police to arrive.