Five Steps to Help Avoid Worst-Case Scenarios

Tip Sheet: Protecting Client Data

Law firms can’t afford to have anything less than an urgent approach to protecting client data. A single case of unauthorized access to a file or page of notes could potentially cost firms millions of dollars in recovery costs and a tarnished reputation.

You can help your firm by making document control and security a top priority. Here are five actions to consider when you get started.

1. Conduct a comprehensive workflow analysis.

Review and document everything that happens with documents that have sensitive client information.
Consider questions such as:
Where are they stored?
Are they indexed and classified?
Are they secured while in use, in transit, or at rest?
Who has access to them?
If you don’t have a way of obtaining this information, talk to a professional familiar with document workflow security. This capability is beneficial in today’s environment of increasing cybersecurity threats.

Use Security Features in Connection with Data on All Devices

“To secure your data, you first need to know where it is. Identify sensitive information and track where it is stored, processed, and transmitted. Make sure to include mobile devices and USB drives.”

Source: Law Practice Today, “Law Firm Cybersecurity Audits: Getting to Good,” February 12, 2016

2. Use only vendors that offer products and solutions THAT ARE ALIGNED with the firm’s workflow-security standards.

Seek vendors that can provide a system for tracking who is handling workflow documents and what they are doing with them, i.e., scanning, copying, printing, distributing. Implement solutions that can track paper files, digital files, email attachments, and other documents that contain sensitive client information. Exposure can happen at any point during a firm’s possession of the information.

In the event there are questions about how a document was used and handled, you need a solution that provides fast and easy access to that information.

MOST COMMON TYPES OF SECURITY POLICIES AT LAW FIRMS

56%

documents/record management and retention

41%

email use

34%

internet use/computer use


Source: American Bar Association 2016 Legal Technology Survey

3. Leverage your office equipment’s security features.

Using document-workflow solutions and office equipment that have easy-to-use security features (such as badge scanners on printers) can help restrict document access to authorized personnel within the firm, and protect data from inside breaches. Task your IT staff or enlist a Canon certified specialist to “harden” your devices by activating the extensive security feature sets that reside within the equipment to help limit penetration from the outside.

It’s especially important that office equipment has security features that are transparent to users and are not otherwise disruptive to workflows. Smooth and continuous operations are important to law firm performance and financial health.

EMPLOYEE GROWTH CAN BE A SECURITY RISK

56%

of firm partners believe headcount growth is a requirement to stay competitive

Source: Altman Weil 2017 Law Firms in Transition Survey

4. Provide stakeholders with secure and intuitive file-sharing tools.

High-risk practices that professionals may use include emailing case documents back and forth on unsecured networks and/or relying on the use of USB drives which can contain malware. By giving your firm’s team easy-to-use mobile document sharing tools with user verification, you can help them adopt security features that still allow them to be fast and productive. This is an important capability, because transferring files with mobile devices occurs more often today.

Innovative solutions employ a variety of methods for securing client data, such as using a unique release code that can be sent directly to a compatible smartphone or another mobile device. The user can then enter the release code to access a document or send a document directly to a printer or copier within the firm.

Smartphone Usage is Exploding

77%

of Americans own smartphones.

Source: Pew Research Center, “Mobile Fact Sheet,” January 12, 2017

5. Look for opportunities to control costs as you choose TECHNOLOGY INVESTMENTS.

Partners sometimes must be convinced to invest time and money in new resources, even for something as crucial as client privacy. One way to increase the likelihood of support is to identify ways to control the cost of acquiring and using security solutions, such as leveraging advanced security features within existing equipment to harden their security profile when possible. Look for a document-security platform that is expandable and can be used with a wide variety of brands of printers, copiers, and other office technology.

Ultimately though, comparing the cost of a security solution versus the effects of the monetary and reputation losses from a data breach might be the most compelling business case for investing in security.

A Data Breach Could Cost More Than $7 million

$7.35 million

Average cost of breach of private data for U.S. organizations in 2017

Root Causes of a Data Breach in 2017*

47%

malicious or criminal attack

25%

system glitch

28%

human error


Source: Ponemon Institute, 2017 Cost of Data Breach Study , June 2017
*based on benchmark sample

Client Documents Need Comprehensive Security.

Don’t leave document security to chance. Using a unified platform that provides security, access control, and ease-of-use for document and workflow management can help ensure only authorized people can access sensitive content.


Canon U.S.A. and Canon Solutions America do not provide legal counsel or regulatory compliance consultancy, including without limitation, Sarbanes-Oxley, HIPAA, GLBA, Check 21 or the USA Patriot Act. Each customer must have its own qualified counsel determine the advisability of a particular solution as it relates to regulatory and statutory compliance.

Canon products offer certain security features, yet many variables can impact the security of your devices and data. Canon does not warrant that use of its features will prevent security issues. Nothing herein should be construed as legal or regulatory advice concerning applicable laws; customers must have their own qualified counsel determine the feasibility of a solution as it relates to regulatory and statutory compliance. Some security features may impact functionality/performance; you may want to test these settings in your environment.

Neither Canon Inc., Canon U.S.A., Inc. or Canon Solutions America, Inc. represents or warrant any third-party product or feature referenced hereunder.

As of December 31, 2017.