Today, nearly everyone stores something in the cloud, whether it be photos, music, or documents. Cloud storage backs up your files, alleviates the need to purchase costly extra storage, and makes your files easily accessible from multiple devices. But different factors must be taken into account when considering cloud for personal use versus cloud for professional use.
While generally quite secure – and with many advantages – cloud storage is not without security risks. While nobody wants their data to be breached, the risk to a law firm of having its data – or clients’ data – breached could have severe, far-reaching consequences. Therefore, law firms in particular should carefully consider several factors when choosing a cloud platform.
It is vital to understand what security practices the cloud and cloud provider have. Some important questions to ask are: What security standards and regulations does the cloud provider abide by? Is the cloud regularly audited by a third party? Does the provider perform penetration tests? What is the process and notification policy if a breach of the cloud is suspected? What is the backup and disaster recovery plan? Having a clear picture of the cloud provider’s security standards will inform your law firm whether the specific cloud will meet your and your clients’ security and compliance requirements.
Strong Password and MFA
How you protect access to everything stored on the cloud is an important part of security, and passwords are the first line of protection for any cloud account. Firms must develop strict password policies and ensure every user adheres to them. A good password is complex and is composed of capital and lowercase letters, numbers, and symbols. Passwords should not be reused and must be changed on a regular basis. Firms must also enforce the use of multi-factor authentication (MFA). This adds an extra layer of security by requiring users to confirm their identity via a second method, such as answering a question or inputting a token or code sent via email, text, or authentication app.
It is important to ensure that all data is encrypted while it is being sent to and from the cloud, when it is referred to as “data in transit” or “data in motion.” This means that the data will be impossible to read if it is intercepted. You must also understand whether your data is encrypted while being stored, referred to as “data at rest.” Should the cloud be breached, this feature offers an additional layer of protection. It is important to note that not all cloud services encrypt data at rest.
Limit Accessibility and Deactivate Former Users
A best practice is to limit who has access to which files in the cloud so that data does not get into the wrong person’s hands. In addition to partners, associates, and other attorneys, most law firms have non-attorney personnel who facilitate the day-to-day operations of the firm. It's important for management to be aware of who has access to what data. Additionally, as soon as someone leaves your firm or a contract with a vendor ends, it is essential to terminate the associated access to your cloud.
Manage Devices that Access the Cloud
At Tabush Group, we always say that your cloud is only as secure as the devices accessing it. There is a convenience factor when firms do not limit the devices that can access their cloud files, but that means unsecured devices can provide potential pathways to cybercriminals. Law firms should never allow someone to log in to the network from a public computer or via public Wi-Fi.
Boxtop is Tabush Group’s fully cloud-based Windows desktop. All of your applications and data live in the same cloud, making them seamlessly accessible from any secured device, at any time. With fully redundant systems that are monitored 24x7x365, you can always trust that your data is safe with Boxtop.