On constant security alert

There are steps that can be taken to prevent the Internet and e-mail being used carelessly, reports Ravinder Chahal. Ravinder Chahal is a freelance journalist. Law firms and information technology are a match made in heaven – the attraction was not immediate but the lack of initial fire means the relationship will not be a flash in the pan.

Trust and security are the watchwords in any meaningful relationship, but these things have to be worked at because complacency can lead to betrayal. If you think that that is being over-sentimental imagine the sense of loss you would feel if the pillow-talk you have with your pc or laptop was carelessly whispered to a rival suitor.

IT security in any organisation covers a range of issues, from the basics of making sure no-one walks off with your lap-tops, to ensuring that the Internet is not used as a back door to access confidential files.

However, the common element of any security policy is a commitment to certain protocols throughout the firm from senior partner to the reception staff – having the best security measures that money can buy will mean nothing if staff are slack with e-mail or their own user access codes. In short, it is vital that all personnel are well aware of the importance of maintaining a firm's IT security.

The Internet is seen by many firms as a way to be more open and accessible to clients – the flipside of this is, of course, that firms' files can also be left more vulnerable to hackers or viruses. This has not escaped escaped the attention of most firms, according to Christina Archbold, employed by the Law Society as IT adviser to the profession.

She says the most common security concern is about information sent on the Internet. She believes that these worries are a "red herring" because of the encryption techniques that are available. A dedicated hacker could break the encryption codes but, in fact, the biggest problem is ensuring that information sent on the Net arrives at its correct destination.

Archbold says that most bigger firms use firewalls (either in the form of software, or stand-alone hardware with software) to act as a barrier to protect the firm's local area network from viruses and unwanted interrogation by outsiders.

The Internet also raises issues of policing insiders within the firm – having them waste time browsing on the Net, especially if they access undesirable material, can be prevented by limiting how much access they have from their desktop pc.

Security can still be breached easily if fee earners treat e-mail carelessly. The beauty of e-mail is that it saves time in communications where information needs to be seen, yet, according to Archbold, some lawyers consider e-mail on a par with a telephone conversation, forgetting that the notes that are sent can be reproduced as written material – if fee earners remember that e-mail can conceivably be like a chain-letter then perhaps they will be more careful about what they send.

John Dennison, IT manager at Forsyte Saunders Kerman, says that as well as regularly backing up information off-site, every night the firm sends files to the bank for safe-keeping, and every month this is transferred to an off-site facility where it is kept for a year.

In case of a fire, theft or even a terrorist attack, it is also worth having an entire disaster recovery plan that can be implemented at a moment's notice.

He says that having a "hot-site" nearby – with terminals, networks, phones, fax machines – would allow a functional IT service to be available soon after any disaster strikes.

As the main office's IT capability develops , it is vital to keep updating the hot-site, as well as keeping records of any special configurations of software, so that a lawyer would be able do most of the things the original office allows, he adds.

Backing up information off-site is well understood to be good practice, but on a much smaller scale it is worth considering that any work done on a laptop should also be backed up for similar reasons.

Also remember that if a lap-top is lost or stolen, the new "owner" is likely to wipe files he cannot access rather than try to get past even the most basic of security measures to see what is on the machine.

IT managers acknowledge that security measures can be broken by those with the know-how, but it is vital to put barriers in their way.

Archbold adds that, for lawyers, information is their business, so they should start thinking of what is on their IT systems as "pound-notes – that way they'll know why they need to safeguard it".