Cloud service providers

What to Ask Cloud Service Providers about Protecting Data in your Law Firm

January 27, 2017


Hackers are targeting law firms. Client data stolen can be used to blackmail, find insider information (if the law firm deals in mergers), or the more simplistic identify theft. Cloud service providers are companies that deal with some aspect of the cloud. They are a great resource about upcoming technologies, storage capabilities, and security measures against hacker groups.

An experienced cloud service provider, such as TOSS C3, can help to find security leaks in your current system configurations. You can also check out the book, Easy Prey:

Hackers May Already be in Your Network

As of late, it has been all over the news about three Chinese hackers who used severe hacking techniques to break into seven law offices and steal $4 million by placing trades. Some of the information left out is that the hackers had embedded code in two of the law offices since 2014. And that, over the next year – through 2015 – they would attack the other five law firms over 100,000 times trying to gain entrance into their network.

As of December of 2016, it is still unsure if the hackers had laid code into the five international law firm’s networks. Manhattan US attorney Preet Bharara was quoted as saying, “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”

The fact is, they did not use severe hacking techniques. According to Reuters, “by using a law firm employee’s credentials, the defendants installed malware on the firm’s servers to access emails from lawyers, including a partner.” Find out more about hacking risks by following our blog:

Steps to Strengthen Cloud Security

There are many things a company can do to limit access from hackers, we will cover some strategies here:

  • File Encryption – Encrypting your data is a solid deterrent to hackers as long as it is used in conjunction with other methods. Cloud service providers can help to find the right kind of encryption utility that will work the best for your cloud configuration.
  • Two-Step Verification – This verification process requires more than just a password to log in to your account. This may not be needed for everyday functionality, but for secure or mobile situations, this is ideal. There are several types of authentication tools, but a typical form of two-step verification would be a password, and then a code that might be sent to your phone for a second verification.
  • Secure Passwords – This sounds obvious, but people just don’t understand the nature of the beast. A solid password is a password that does not resemble any other word. So, changing password to Pa$$word is not a solid password. Try something like A2&H-4n69-AkfR-3%aD. This is a solid password. It may be a bit of a hassle to enter each time, but that is the idea, to make it difficult, especially with secure data.

It is important for law firms to stay updated on modern technology. According to the American Bar Association “the lawyer should stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information, and should monitor the changing law of privilege to ensure that storing the information online will not cause loss or waiver of any privilege.” A cloud service provider can answer all of your questions regarding the security of cloud data.





Let's Start a Conversation.

Connect with us and experience the TOSS difference.

Send this to a friend