April 1, 2019

5 Data Risk Management Tips for Small Law Firm Owners

This is a guest post by Suzanne Headon, chief marketing officer at Kinnami Software Corporation and an expert in data risk strategy for small businesses.

Automation is everywhere. We see it in action every day, right? As consumers placing our food orders, boarding flights, making and taking appointments...there is no denying that our lives have become more efficient thanks to technologies that automate daily tasks. The same goes for our workplace: Automated technologies help us collaborate more easily, avoid wasting time on repetitive tasks, deliver cost efficiencies for clients, and even allow us to work more flexibly from interesting locations or spend more time with family.

Yet when I talk to legal professionals about the merits of automation, the jury is out (forgive the bad legal pun). They point out that increased automation means more data, which comes with more liability. The platforms we now use for automation and collaboration allow data to be shared and accessed more widely than ever. At the same time, versions of data and documents change rapidly, making it hard to determine authenticity. All of these factors pose risks. Lawyers know better than anyone else the importance of mitigating those risks. It may even keep you up at night.

Many lawyers (especially in small law firms) would like to implement more automated processes, but fear the risks posed to themselves, their clients, and their businesses. They are often stretched for time and lack the resources for a dedicated data security team. But with the right combination of strategy, diligence, and technology they too can reap the benefits of automation minus the sleepless nights.

How do you create the right foundations for small firm data risk management? Start by following these 5 steps:

1. Start with the basics: Understand your data

Data is a broad term that covers a multitude of company information, client information, and file types. There are obvious types of structured sensitive data that have been exposed in recent times: social security numbers, credit card details, health records, etc. There is also a significant amount of unstructured sensitive data including files/emails containing client IP addresses or potential mergers and acquisition details.

Collect everything in your business that falls within the definition of data. Then classify it: How much would it cost your company if the data was exposed? Essentially, you need to prioritize where to focus your data risk efforts and investment.

Don’t forget that much of your data is fluid and constantly changing with newer versions emerging. Protecting large volumes of ever-changing data may seem like a mammoth task. But you can use automated technologies like Kinnami’s AmiStamp Legal to guarantee data authenticity and protect it from falsification with one simple click of a button.

2. Determine access, accountability, and audit-ability of your data

Collaborative tools like email, shared drives, and case management platforms have made working together easier than ever. But with multiple ‘editors’ of a file, accountability for the data can be unclear. The more people involved, the greater the risk of them underestimating the value of that data and the risks involved with exposure.

First, make sure everyone who has access to a shared file NEEDS access. If a collaborator doesn’t need to have access to a certain file or folder, don’t share it with them in the first place.

Second, establish an owner of each file who is ultimately accountable for its protection. The owner must determine and apply the parameters for sharing the data, while controlling access and changes to content or permissions.

Finally, make sure you have an audit trail. Automated exchanges like chatbots, virtual receptionists, and AI-based decision-making are propelling scale and efficiencies in organizations today. But with so many inputs and iterations of data in the AI process, it’s important as a business to be able to maintain an irrefutable record of your data and its audit history.

Facilitate the process by using Kinnami technology which enables owners to fully automate file permissions according to their parameters, be notified of any attempted breaches, revoke access quickly, and see a full audit trail on changes to the data. Kinnami’s AmiStamp provides business owners with the option to fully automate their protection and auditability data leveraged by AI, so they can protect their businesses without extra overhead time.

3. Choose your technology providers carefully and limit exposure

Are you using multiple platforms for case management, document sharing, forms, etc? It’s important to do your due diligence on any third parties that have access to potentially-sensitive data (or any data, really).

First, ask if their service can be done so without the need to expose your data at all. For example, our AmiStamp Legal technology can protect your files without us ever accessing or storing the data contained in those files.

Second, educate yourself on the data risk protection mechanisms within each platform and whether they align with your business needs and industry standards. Ask for maximum protection and the ability to integrate with data protection technology that you may choose to deploy.

4. Don’t over-collect data

It may be stating the obvious but the less data you have responsibility for, the less you expose your business to data risk. With automation, it’s easier than ever to collect more inputs from your users or clients through website forms, document sharing platforms, and even just an email inbox. Some of the biggest data breaches of the past year have included PII data from non-current users or customers. Ask yourself if you really need to retain the payment information from a client you no longer work with.

5. Data storage: Don’t put all your eggs in one basket

The magnitude of a data breach is increased if your data is centrally stored in one location, server, or even a single device. This vulnerable data is a very enticing target for hackers. The simple theft of one employee’s laptop could risk exposing critical data, often in large quantities.

Assess your data storage solution and opt for technology that is based on distributed storage. This approach fragments your data and houses them in completely unrelated locations making it prohibitively difficult for hackers to find important files. At Kinnami, we’re making this solution available to businesses providing a robust and watertight solution for data storage.

Bonus: Stay ahead of the game and plan for the (really) long term

Just like automation, data risk is not going away any time soon. That’s why it’s so important to focus not just on protecting your business and your data today, but also for the next twenty years and beyond. This is especially critical in the legal realm with preservation of evidence, personal legal records, and more. Think carefully about the technology you deploy to protect your data: Will its data protection outlast the actual company?

This was a major consideration for us when creating our AmiStamp Legal technology at Kinnami. We are a believer of creating robust technology that will endure independently of whether we endure or not! Using cryptography, the protection that we offer to guarantee the authenticity of your files and data can be relied on whenever you need it.

Take the steps to manage data risk today rather than next week or next month. By setting up protection measures and getting foundations established right now, you can avoid needing to react to later threats as they arise. It may seem like you don’t have the time and energy right now, but with the right technology, you can use automation to your benefit and make data protection painless and effortless.

We founded Kinnami with a vision: to help companies protect their data for the long-term. If you’re ready to take your data risk management to the next level, we’re ready to work with you. Trial our AmiStamp Legal solution for free at kinnami.com.

About Suzanne Headon

Suzanne Headon

Suzanne Headon is Chief Marketing Officer at Kinnami Software Corporation, an early stage technology company creating easy-to-integrate technology for legal businesses that powers scalable efficiency, security, and trustworthiness when it comes to the management of sensitive data. She advises early stage technology businesses on creation and expansion of marketing efforts, and spent 8 years at Google running various global marketing programs for publishers and app developers. She takes a keen interest in all things legal having studied Law at an undergraduate level. If you have any questions on building out your data risk strategy, don’t hesitate to get in touch with her at suzanne.headon@kinnami.com.

Share this on Twitter | Facebook