Have you made any personal New Year’s Resolutions this year? Have you broken any yet 😊 How about some technology resolutions for your law firm in the New Year? And yes, I know that most people don’t keep their resolutions, but the odds of achieving the goals are vastly increased just by the act of making the resolution. And when they are business related goals, embraced and enforced by the whole firm, the odds are in your favor.
We've put together some technology resolutions for the new year for you. So, here you go:
1. Risk Assessment. Resolve to do an objective, complete and thorough cybersecurity risk assessment. Use a professional to help uncover any risks that are likely to impact your firm. Only after an honest assessment can you truly set some objective goals.
2. Strategic Plan. Resolve to develop (or update) a strong Strategic Plan with a Business Continuity component that's all encompassing - ensuring that your firm will be able to operate regardless of any potential interruption. Whenever possible, you need preventive measures to stop problems before they occur but also a strong recovery plan if something does occur, allowing you to pick up the pieces quickly and get back to work, while recovering the critical client and firm data.
3. Backup and Data Recovery. Resolve to have a strong Backup and Data Recovery Solution in case of a natural disaster, like earthquakes, storms or fires and man-made issues, external and internal to a firm. And that Backup needs to include all data stored locally on individual computers or laptops. Surveys show that only 40% of companies have any kind of documented disaster recovery plan and 40% of those that do have a plan in place, test it only once a year.
Are your backups working? Resolve to make sure that your backups are actually working. This means they're complete, they're accurate, they're tested, and they're fully redundant in the cloud. After a hack or crisis is not the time to find out that the backups are not complete. Make sure that you have redundancy in case one system fails and you know how to restore the data when something happens.
4. Secure your Network and your Information. Resolve to make sure that your network and all of the information on your network is secure. That means in addition to a secured firewall, perform penetration tests and make sure all USB ports (for Flash drive access) are locked down.
5. Dual Factor Authentication. Resolve to implement Dual Factor Authentication as part of a layered cybersecurity umbrella. With cyber-attacks increasing, both in terms of their complexity and their frequency, it is critical that everyone is prepared for the cyber battles that will come. Since no one can prevent 100% of attacks, using Dual Factor Authentication can significantly reduce unauthorized access to your firm’s networks and sensitive data.
6. Wi-Fi. Resolve to ensure that all of your Wi-Fi spots are protected with a secure password and the appropriate encryption level. That also means having a separate guest Wi-Fi password totally different from and protected from your firm’s main Wi-Fi access.
7. Computer Use Policy. Resolve to implement a meaningful and comprehensive Computer (and Mobile device) Use Policy. That policy should include Password Management Software, Dual Factor Authentication and encrypted access, along with a meaningful way to manage these items going forward. And never reuse a password for your firm’s network anywhere else.
8. The Cloud. Resolve to revisit and/or reinvest in the Cloud. Look into what the cloud can do to improve your effectiveness, your productivity and accessibility to information. Investigate which of your applications need to be updated, improved, replaced or moved to the cloud.
But having a plan in place is only half the battle. How you go about addressing your technology resolutions is critical as well. So, make sure you address these key areas:
Team Effort. Cybersecurity and disaster planning impact an entire firm so all departments and all employees should be involved in the plans. A common mistake is to confirm the plan details only to the IT personnel and department heads. They may be the ones expected to do most of the recovery work, but everyone has a role to play in getting the firm fully operational again. Effective preparation, clear delegation of responsibilities, and secure encryption can be the difference between complete data loss and minimal disaster impact. And having more people involved and helping hold each other accountable can double your odds of achieving the goals.
Employee Training. Resolve to make sure that all your employees are trained and up to date on all new technology and understand what they should and should not being doing that could put the firm at risk. Also resolve to ensure that the entire team is properly trained and can effectively use all of the systems and applications they need to use, and that all of the software licensing is current, accurate and complete. Using outdated software means updates and security patches won’t be issued, leaving your technology, and thus your data, vulnerable.
Testing. Given the growing sophistication of cyber-criminals, resolve to proactively test your disaster recovery plan and your people at least once a quarter on their knowledge and sensitivity to cybersecurity threats. These tests need to account for all types of potential threats, external and internal.
And Finally. Create specific goals with timelines. Now go to your Outlook calendar and set some reminders to review these goals regularly to make sure you are making progress towards achieving them by the end of the year.
As a trusted IT Service Provider (ITSP) for law firms throughout the greater Los Angeles area, we believe it’s important for organizations to understand the benefits as well as the costs to every potential technology change BEFORE embarking on them. And now's the perfect time to make those resolutions.
If you’d like to share your thoughts or have questions, be sure to do so in the comments section below or feel free to send me an email to discuss this in more detail.