9 Data Security Questions You Should Ask Your IT Provider

Wondering how secure your data is? Ask your Cloud, SaaS, or existing IT provider these nine questions to make sure it’s protected. Their answers could mean peace of mind—or they could mean that your future will hold a data breach, data loss, or a cumbersome recovery process after a disaster.

  1. Do you have an intrusion prevention/detection system?

An intrusion prevention or detection system senses strange traffic on your server. Hackers continually scan IP addresses, searching for vulnerabilities. An intrusion or detection system recognizes when they’re attempting to break in and cuts off their access.

Occasionally, a user can inadvertently mimic the signs that an intruder is attempting to break in. For example, someone might enter the wrong passcode into a Smartphone, and cause a glitch to occur where the phone tries repeatedly to log into the system. Does your provider have round-the-clock security staff to restore access in case something like that happens?

  1. Do you support two-factor authentication?

Two-factor authentication requires two components for an attorney to log in. This type of authentication makes it impossible for a person or an automated system to log in to a computer by remote and start guessing passwords.

Here’s one example of two-factor authentication: When a user logs in to his or her system, a mobile application confirms that the user is trying to log in. The user cannot log in to the system until the user has confirmed his/her identity on the mobile device.

  1. What government/industry security standards has your environment been tested for?

Any law firm with clients who store, transmit or access protected health information must be HIPAA-compliant. Depending on the sensitivity level of your data, your cloud, SaaS, or IT provider should maintain an environment that meets the security standards you need. It’s also necessary for any business that accepts credit card payments to be PCI-compliant.

  1. What type of firewall are you using?

The answer you should hear from your provider is: an enterprise-grade firewall that is routinely patched. An even better answer would be that the provider has more than one of those firewalls in place. That way, if one firewall fails, there’s another present to act as back-up.

  1. Are the employees who have access to my information data-certified? Do they have certification on security procedures?

This is an important question to have answered because who can access your data (and their level of experience and expertise) could mean the difference between mishandled information and security. Administrators that have access to clients’ data should have information security certifications, specialized training, and execute non-disclosure agreements.

  1. Do any third-party providers have access to your hosted environment?

Let’s say that there’s a problem with an application hosted on your environment. What protocol does your cloud, SaaS, or IT provider follow? Does it allow the application vendor onto the virtual server? If so, that gives a third party access to all of your data, which puts it at risk and violates the HIPAA standard.

  1. Does the cloud, SaaS, or IT provider support encryption of data on the server, including email?

Email is an often overlooked factor in data security. For it to be completely secure, it should be encrypted—even when it rests or is in transit. This is the most common security vulnerability because constructing the appropriate security measures is difficult for a typical IT department to do; it’s a complex process that requires a high level of expertise.

  1. Do you routinely perform internal and external security scans to seek vulnerabilities?

A provider might believe that they’ve set up a secure environment—but technology is constantly changing, which means that the ways in which intruders attack are constantly changing.

To make certain that your data is protected, your provider should be performing security scans regularly. These scans are required for both PCI and HIPAA compliance; to be HIPAA-compliant, both an internal and external security scan need to be performed at least once a year.

  1. Does your provider have a secondary site for data storage?

What happens if all of the redundancy fails and a major disaster strikes? If something, such as a theft or a fire, were to happen at your location, are your disc back-ups replicated offsite? Many organizations omit that step. And, even if you do store back-ups at a secondary location, is that location secure? Do only your provider’s employees have access to the data at that location—or can a third party access it as well?

If your data is replicated and secure, how long will it take you to get back up and running? It could be hours. It could be days.

Constant protection

Redundancy is built into every security measure at Legal Workspace. That means clients’ data is constantly being monitored and protected.

Legal Workspace’s HIPAA Compliant Edition (HCE) achieves the highest level of data security because it is both PCI- and HIPAA-compliant. Employees are all HIPAA-certified and have additional information security certifications. They’re the only people that have access to your data: third party vendors aren’t permitted to access Legal Workspace’s environment.

There’s no need for attorneys to be concerned about email vulnerability; Legal Workspace encrypts email in transit and in your inbox. And, clients’ data gets backed up to a second data center, which means that you could be back up and running within minutes in the aftermath of a disaster.

It’s very difficult for a small—or even a medium-sized—law firm to build a solution that answers all of these questions appropriately. . . working with an expert in data security and cloud services for law firms, like Legal Workspace, will give your law firm the highest level of security at a fraction of the cost to do it on-site. Keep your data secure and protected by making sure the best safeguards are in place.

7 Advantages of the Cloud for a Law Firm

Law firms make one important choice that affects numerous other aspects of their business: whether

  1. to set up their own IT infrastructure and house data onsite or
  2. use a cloud-based solution to host all of their applications and data.

Here are the seven ways in which a law firm will benefit from the cloud:

  1. Maximize Internet Security

The Legal Workspace (LWS) solution has four internet providers protected by redundant enterprise-grade firewalls and an intrusion detection/prevention system that has the ability to do dual-factor authentication.

7 Advantages

This level of security is difficult—if not impossible—to replicate in an onsite IT environment. Certainly it’s out of reach for small firms with limited budgets. As a result, many small firms end up with imperfect solutions, such as a consumer-grade firewall protecting their onsite server.

Joe Kelly, Founder and CEO of Legal Workspace, says, “We’re able to offer small law firms better internet security than most Am Law 100 firms have in place.”

  1. Reliable Physical Security

Some people question the importance of physical data security. After all, if someone were to penetrate a firm’s physical defenses, they’d still need to log in to the server. But, physical security is very important: Backup media could be stolen; it’s even possible that someone could take the whole server.

LWS’s servers are located in secure data centers. To gain entry, authorized LWS employees must provide biometric identification as well as an ID card. “Only our people have the code to physically access our servers,” Kelly says.

  1. Immediate Disaster Recovery

Our enterprise-grade equipment is housed in two data centers in different states. “Only our full-time employees have physical or electronic access to these redundant systems,” Kelly says. That means that if something were to happen at the data center in Colorado, our cloud services could still operate because of its intact center in Texas.

That’s one of the disadvantages of storing data in onsite servers: Should something like a fire happen onsite, a law firm would be able to eventually access its latest backup in the cloud. But, restoration could take a few weeks—which could be devastating to business.

That problem doesn’t exist if a law firm uses Legal Workspace’s cloud services. In the same situation, “They could go to any electronics store, get new laptops, log into their secure cloud environment, and they’ll be right back where they were. Even their Windows desktop is sitting in the cloud,” Kelly says. Nothing lost, no delays.

  1. Predictable IT Budgeting

Technology equipment has to be depreciated over five years, but firms often have to buy the latest version of document management software or a new server every two or three years. It’s hard to anticipate what will be needed when.

LWS’s regular monthly fee means IT spend will be a known quantity with 100% predictability. And, with that monthly fee, customers automatically are upgraded to the latest versions of legal software included in the package they select.

  1. Eliminate IT Distraction and Hassle

“Every law firm has to run a little IT department,” Kelly says. Even if a firm only consists of three people, the managing partner still has to spend time and energy configuring technological needs and managing vendors. A larger firm might have a full-time IT person on staff.

None of that is necessary if a firm uses our all-in-one cloud solution. For a monthly fee, all IT worries evaporate, and lawyers can get back to doing what they excel at doing: practicing law.

  1. Inherent Remote Access

Typically, configuring remote access for firm lawyers and staff can be a painful experience with a lot of extra work and expense. Larger firms might need to set up a terminal server or a Citrix server cluster. Small firms might utilize a service such as GoToMyPC, which allows subscribers to access their desktop remotely for a fee.

Those options can work, but they don’t have all of the advantages of a solution like LWS. Our whole cloud system is remote: Even when lawyers are sitting in their office at a desktop, they’re accessing the files remotely when they’re logged into LWS. In other words, setting up remote access is just part of the process of working with LWS and not an extra step.

  1. Experienced Law Firm Cloud Services

Hundreds of law firms that want the advantages of a cloud-based solution have been using LWS’s services for years. As a result, LWS has seen what methods and strategies work well, which means they get it done right the first time.

Kelly says, “There’s no guess work for us. We do this work over and over, and it’s all we do. We pass along the benefit of our experience to our customers.”

A cloud environment makes technology more accessible to every member of a law firm, regardless of size. But, a cloud environment like LWS does much more than that. From security to ease of use to predictability to flexibility, LWS removes the obstacles of working with technology. It renders technological issues invisible, which allows its users only to see—and benefit from—its advantages.

7 Advantages of the Cloud for a Law Firm