The Biggest Security Vulnerability for Law Firms

For some odd reason, North Carolina is at the epicenter of the debate regarding the ethics of cloud computing. There’s an opinion in the comment period now awaiting final approval.

The concern with the cloud is security. Will client data be safe?

The answer is, of course, that our client data won’t be safe.

Why? Because most law firms let lawyers pick their own passwords.

What do they pick?

Randolph21 (or something like that). They use it on every site they visit.

When the system forces them to change their password, they change it to Randolph22.

Then Randolph23.

It’s genius.

You can build the most amazingly secure system on the planet, but if you leave it up to Randolph to set the password, then the game is OVER.

Of course, this isn’t just a problem for the cloud. It’s the same issue for the system in your office if it’s accessible from outside (and inside if someone decides to break in). If you’re using a remote desktop of any variety, you’re opening up the door if you don’t have decent passwords.

My preferred approach is to use software that remembers my passwords for me and is itself password protected. I’m using LastPass. I use 18-character passwords containing uppercase and lowercase letters, numbers, and symbols. It’s easy to use, and it works on my computer and phone.
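The Randolph21-to-Randolph22 habit and the 18-character passwords described above, as an added Python example that is not part of the original post and is not LastPass's code: a password-change check that rejects a new password differing from the old one only in its trailing number, plus a generator for 18-character passwords using all four character classes. The function names, the symbol set, and the use of 18 as a minimum length are assumptions made for illustration.

```python
import re
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"          # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def _base(password):
    """Lowercase the password and strip trailing digits and spaces."""
    return re.sub(r"[\d\s]+$", "", password.lower())


def is_trivial_rotation(old, new):
    """True when `new` is just `old` with its trailing number changed."""
    old_base = _base(old)
    return bool(old_base) and old_base == _base(new)


def generate_password(length=18):
    """Random password with upper, lower, digit and symbol, from the OS CSPRNG."""
    if length < 4:
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate


def check_password_change(old, new, min_length=18):
    """Return the reasons a change is rejected (empty list means accepted).

    `old` is the current password as typed into the change form;
    nothing here stores it.
    """
    problems = []
    if is_trivial_rotation(old, new):
        problems.append("new password is the old one with a different number")
    if len(new) < min_length:
        problems.append("shorter than %d characters" % min_length)
    return problems
```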

If you’re really worried about protecting your client’s data, then start with the basics.

Do you hear me, Randolph?