Even for the small practice attorney, much attention is needed to secure the office's data. While this goes for many businesses, attorneys in recent times have been targeted by scammers seeking client data among other sensative information. The topic of data security came about for this author after reading a good post from another blogger located in New York, who also happens to be an attorney. He writes about how firms have been passed fraudulent settlement checks, and how others have been targeted by hackers in referencing one firm in particular who sued the Chinese government after its Gmail account was hacked into by Chinese activists.
One disadvantage for the small practice or sole practitioner office is we rarely have an IT person on our staff to address the issue of internet security, let alone fix our system when it goes down. Such work is typically outsourced to a third-party company when maintenance or repairs are needed. The question then becomes how can we secure our data in an effective and cost effective manner? If large firms sometimes have data security breaches, certainly the small office is more vulnerable - though a smaller target but a target nonetheless. William Chuang, an attorney who just started a firm, and blogger mentioned, suggests to do the following, which I believe is good advice:
"Make sure the check number on the bottom matches up with the check number printed on top, and that the routing number is nine digits. If it is a large amount, have the client wire the money to you. I had a prospective client who insisted on writing me a big check to hold in escrow for another party. I asked to have the money wired into the account instead of taking a certified check. Never heard from her again.
As far as computer security, all systems should be running fully-patched version of the software, and a anti-virus security suite.
Users should not be running any programs that are not crucial to business functionality on their work systems, such as iTunes and
the like. A file server should be secured against hackers by using non-standard ports, strong passwords, and setting them to reject
IPs with a certain number of bad login attempts. Mail should be hosted with trustworthy companies."
Outside of hacking into email systems and databases, check scams appear to have victimized more attorneys lately. Another good article on how to avoid check scams is at the Oklahoma Bar Association website. "The best practice to be safe is to go to your bank and ask to send the check for 'collection.'" I highly recommend reading the article at Okbar.org to learn more about this measure.
In the end, it is important for the attorney to know the client. So, when interviewing always ask the client how they found you, and be especially cautious if the client came to you off the internet. Ironically, where once people came to us seeking help for being victims of scams, attorneys need to beware themselves.
