Regulations around Legal/Law industry
-
Looking at picking up some extra work. One client is a small town law firm. They're big on security and privacy but not very knowledgeable in regards to cyber security. Are there any regulations in the US or Texas for the legal/law industry?
-
Lol. Every law firm says they are big on security. Almost none take it seriously at all. It's an industry famous for being insecure.
-
In my experience I have to agree with Scott. It's the only office where everyone can read everyone else's email and the file server is a free for all.
I would ask them what regulatory requirements they have.
-
I have to agree; the one law firm where I looked at taking them on as a client had all their computers on the public wifi provided by the building...
-
I can one up you guys. I considered doing contract work for a lawyer. When I visited his office it was shared with another company. Not only the network but he also hosted all of his files on the other company's server. Not kidding.
-
She's dead set on not using wifi, but yet shares an AOL email account with her secretary and an intern and that's how they share documents back and forth. They're all still on Windows 7 and none of their computers are password protected, let alone have a central AD/LDAP system in place.
Right now, I'm just starting out small. She's first asked for Adobe Pro DC, permanent licenses and I provided her prices for that. Then she's asked for a new printer, and I have provided her information for that. I might start off by persuading her to a file server, something like a small NAS. Just a place for her to share files with internally, and work my way from there.
I just wanted to make sure that she was in compliance, if there were any regulations. Since it appears that there aren't, then it's an open field for me. Thanks.
-
@NerdyDad said in Regulations around Legal/Law industry:
They're all still on Windows 7 and none of their computers are password protected, let alone have a central AD/LDAP system in place.
How many users?
-
@wirestyle22 said in Regulations around Legal/Law industry:
How many users?
3
-
@NerdyDad said in Regulations around Legal/Law industry:
3
You don't need AD for 3 users but of course password protection is a must
-
@wirestyle22 said in Regulations around Legal/Law industry:
You don't need AD for 3 users but of course password protection is a must
Totally agree. AD/LDAP would be way overkill for this. Tried to convince her to set up a password and she said that it slows her down. Really? If 2 minutes to enter a password slows you down, then you have bigger problems, such as time management and the ability to say "no".
-
Law firms are stupidly insecure.
-
@NerdyDad said in Regulations around Legal/Law industry:
Totally agree. AD/LDAP would be way overkill for this. Tried to convince her to set up a password and she said that it slows her down. Really? If 2 minutes to enter a password slows you down, then you have bigger problems, such as time management and the ability to say "no".
I have zero empathy for people needing to remember a password or two. I have to remember 100+. Gooby pls.
-
@wirestyle22 said in Regulations around Legal/Law industry:
I have zero empathy for people needing to remember a password or two. I have to remember 100+. Gooby pls.
Why? Install Lastpass or Keepass.
-
@coliver said in Regulations around Legal/Law industry:
Why? Install Lastpass or Keepass.
I don't access everything from a single computer unfortunately
-
@wirestyle22 said in Regulations around Legal/Law industry:
I don't access everything from a single computer unfortunately
I... What does that have to do with it? Lastpass is web based. Keepass can be encrypted on a USB stick with some strong encryption as to prevent people from accessing it if it were to get lost.
-
@wirestyle22 said in Regulations around Legal/Law industry:
I don't access everything from a single computer unfortunately
I use Lastpass still, and I hop between 3 computers and my phone every day. The auto sync is very hard to give up.
-
@coliver said in Regulations around Legal/Law industry:
I... What does that have to do with it? Lastpass is web based. Keepass can be encrypted on a USB stick with some strong encryption as to prevent people from accessing it if it were to get lost.
Oh that's cool. I guess I made an incorrect assumption
-
I work at a larger law firm. We have about 130 attorneys, plus around 70 support staff, secretaries, etc. Most of the time the regulations we have to deal with come about from our clients. If we have a doctor as a client, and we do, then we are entangled into HIPAA. If we have financial clients, and we do, we then are tied up in their regulations. What everyone said about law firms being insecure is true. It has been a long fought fight for us to drag the firm towards better security practices. In cases we are dealing with, most contain sensitive private information, SSNs and the such, so we try to be very secure with them. We have encryption on all of our machines. The data between our computers and document management system is encrypted. We have taken a lot of steps to secure our data. I am sure we have holes, I believe everyone does, but we actually pay for a security audit every year. Some of our bigger clients require it. We always complain about the mom and pop law firms. They are very difficult to deal with.
-
@NerdyDad said in Regulations around Legal/Law industry:
I just wanted to make sure that she was in compliance, if there were any regulations. Since it appears that there aren't, then it's an open field for me. Thanks.
There are not regulations, but what she is doing is called "negligence" and a breach could land her in hot water. Any firm handling someone else's data that has a total disregard for the safety of their clients could wind up in court for simply being negligent in the duties assumed in protecting other people.
-
Although there is no regulation, please look at the below:
Look at comment 8