the NALS docket July 2011 : Page 82) Make sure your Security Policy is well documented for several reasons: a. You will want to be able to have proof the Security Policy was implemented; b. You will want to be able to quickly inform new employees of your firm’s Security Policy; and c. The documentation will make reassessment of the policy easier (see the next item). 3) Make sure that a periodic reassessment of the policy is part of the Security Policy. Things change so fast in the IT world—and in the legal profession as well. It is wise to rethink your strategy on a quarterly or semi-annual basis. It would be nice if you could just buy a magic cure for network security, but it is just not possible. Networks have become too complex and there are too many exploitable points of entry. Dealing with network security is just the trade-off for the convenience of being able to access so much data from so many places. There is no turning back now—the digital information age is here to stay. You owe it to your clients and your practice to ensure you are doing the right things to protect your and their data and to be able to document what you are doing to secure their confidential information. Finding the Right Help. If your firm already outsources some or part of the support of your technology infrastructure and you are happy with their services, ask them about designing, implementing, and maintaining a Security Policy for your firm. If you want to shop around, a web search for IT security consulting will yield plenty of results. Browse the results and create a list of IT security firms that appeal to you and contact them. Consider these criteria as you evaluate them: • How fast did they respond to your inquiry? Response time is very important, and any • • • • company that does not respond very quickly to an opportunity to do business should be crossed off your list. Are they well established? You do not want to enter into a relationship with a provider that is not going to last. Ask how long they have been in business and learn what you can about their management structure. Do they seem organized and professional? Are they the right size for you? IT support companies vary wildly in size, from one-man operations to companies that offer nationwide or worldwide services. Select a company that you think will have the resources to meet your needs but will also be able to give you the attention you want. Do they have an existing security practice? Ask for references and make sure to call those references. Ideally, the company you select should already be supporting law firms similar to yours. Ask peers in other law firms who they use for IT support or IT security, or check with people in your office who have worked for other law firms to see who they used and how they liked them. A little time spent choosing the right provider is a great investment. Find a provider who will relieve you or your administrator of the burden of taking care of your IT security. The bottom line is your firm’s success is built on serving your clients’ needs because they rely on your expertise in matters of law. Your firm’s IT infrastructure and data are tools to help you do just that. Have them cared for, protected, and maintained by experts. Bruce Campbell has worked in the IT industry for over 35 years. Prior to joining Clare Computer Solutions, he served as VP Sales for ADL Circuits, Inc. and Gateway Devices, Inc., as well as Co-Founder and VP Marketing for Value Net Internet Services. As VP Marketing of Clare Computer Solutions, Bruce not only manages the company’s marketing activities, but also oversees relationships with vendors, corporate communications, and brand presence. In addition, Bruce holds an EET Degree and is a Board Member and the Publicity Director for the California Bluegrass Association. the NALS docket 8 Publication List Using a screen reader? Click Here |
