Okay, so you're probably pretty smart. You're a lawyer, which also means you're going to be cautious and risk adverse. Those are some great qualities to possess when it comes time to lock down your firm's computers and make sure all your data is secure.
The first thing you want to do is implement state of the industry password standards. That means that to log onto a computer you not only need an employee ID and a password, but that password must be at least 8 characters long, and contain at least one of each of the following: an uppercase letter, a lowercase letter, a number, and non-alphanumeric symbol.
There are too many threats from hackers, and so many different operating systems used in law offices, from Windows 7 to Windows 3, that we can't go into them here.
Luckily, the NSA (if you hear a click when you pick up your phone, that's them listening) has put together a very comprehensive guide to protecting your software systems. Head over to their page, pick the operating system you use, and follow their instructions. It's as easy as format *.*.
Next, have IT go through every single employee's firm issued Blackberry and disable Bluetooth. Bluetooth is notoriously unsecure, and your phone can easily fall victim to what is known as "Blue snarfing." That is where someone sitting nearby accesses your phone through Bluetooth, and then secretly dials a 900 number, racking up some easy money. $3.95 a minute might fall short of BigLaw pay rates, but the phone hacker doesn't have to deal with legal work.
As far as your firm's security goes, by disabling Bluetooth you accomplish three things. You keep hackers from being able to access e-mails which may have sensitive information in them. You ensure that your lawyers won't mar the firm's image by wearing a Bluetooth earpiece. And finally, a lawyer caught calling a pay line can't use the "My phone was hacked!" defense.
If you follow all of these simple instructions, we're sure you're going to find yourself sleeping easier at night knowing just how well protected your computers are.
Unless, you have a single disgruntled employee. Then, that one employee can stay late one night, go into another attorney's office and log into that attorney's account. But you have super hard to crack passwords, right?
Yeah, well, those passwords are also hard to remember, which is why almost everyone keeps a copy of it jotted down somewhere easy to find. Probably in a desk drawer, on cork board, or under the keyboard. If it's not there, the disgruntled employee can just move on to the next office, it shouldn't take long to find someone with their password out.
Then, that employee logs in, goes to MS Outlook, creates a rule that forwards every incoming e-mail to the firm wide mailing list, and sets request return receipt as the default. After that, it's just a little matter of reversing the mouse directions, changing the Caps Lock options so that Caps Lock key turns it on but not off (Shift will turn it off), and switching the system language to Russian. Changing the person's password is just icing on the cake.
Move on to the next office and repeat, creating a network of computers continuously forwarding e-mails back and forth to each other. By morning, the entire thing should be fried.