Securing Information Systems
Outsource server security. Unless your business or firm is large enough to have a team dedicated to maintaining its servers and monitoring incoming and outgoing traffic, hire a network security company to protect your data. You can buy software and maintain security yourself, but you will not be able to give it the attention a dedicated team can. A provider with staff available 24-7 can assess risks and quickly isolate and repair problems, and keeping patches and protective software current is part of what you are paying for; make sure that obligation is written into the contract, along with what happens to your data if the relationship ends. It is also beneficial not to keep your servers in your office: if a disaster or break-in occurs at your premises, your data is not on-site. Ask the provider how it secures and backs up its own facilities, since its controls have become yours.
Encrypt all files with confidential information. Files containing confidential legal information should not only be kept on secure servers; their contents should also be encrypted, so they cannot be read if they are intercepted in transit or copied from a lost device or backup. This includes email: ordinary email is not end-to-end encrypted, so confidential content should be sent with an encrypted attachment, a client-side encryption scheme such as S/MIME or PGP, or a secure client portal rather than in the body of the message. Do not use personal, consumer email accounts for business communications involving confidential legal information; the provider has no confidentiality obligation to your firm, the account is outside your control, and you cannot enforce retention or access rules on it. If staff who frequently handle confidential legal information work remotely or use mobile phones, turn on full-device encryption on those laptops and phones and require a passcode to unlock them. Give passwords and encryption keys only to employees who need them for their work, and never make them available to the entire office or post them anywhere public.
Install anti-virus protection. Every computer in your office that is connected to the network should have an anti-virus program installed and updated regularly, to reduce the risk of malware that steals, corrupts or encrypts confidential legal information. Set the software to update itself automatically, so you do not rely on individual employees to keep their protection current, and keep the operating system and applications patched for the same reason. In addition to anti-virus software, connect all the computers and devices in your office through a secure network: wireless access protected by a strong passphrase using WPA2 or WPA3, and a firewall between the office and the internet. Consider hiring a professional to set up your network rather than building and maintaining it yourself.
Control access to confidential information. Files containing confidential legal information should be protected by a password or by per-user access controls on the file server, and only employees who need those files as part of their job should be granted access. Note that the "open password" on an office document or PDF is only as strong as the encryption behind it and the password chosen, so prefer server-side permissions tied to individual user accounts where you can. Make passwords long and unique rather than merely complicated, consider a password manager so staff are not tempted to reuse them, and never leave them where people can see them, such as taped to a monitor or desk. Change shared passwords periodically, and immediately whenever an employee who had access to confidential information leaves the company; also revoke that person's individual accounts and keys the same day.
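The two steps above, encrypting files at rest and handing the key only to the people who need it, can be done with tools already on most servers. The script below is an added example and is not code from the original article: it generates a random key into a file that only its owner can read, encrypts a document with OpenSSL (AES-256-CBC, key derived with PBKDF2), decrypts it again and checks that the ciphertext no longer contains the plaintext. It assumes OpenSSL 1.1.1 or later (for the -pbkdf2 option) and a POSIX shell; the memo text and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article. Encrypt a confidential document
# at rest with a key held in a mode-0600 key file; whoever holds the key file
# holds access, which is why it is given only to staff who need it.
# Assumes OpenSSL >= 1.1.1 (-pbkdf2). File names below are illustrative.
set -eu

# Create a 256-bit random key file readable only by its owner. The umask is
# applied in a subshell so the file is never world-readable, even briefly.
make_key() {
    keyfile="$1"
    (umask 077; openssl rand -hex 32 > "$keyfile")
    chmod 600 "$keyfile"
}

# Encrypt plaintext ($1) to ciphertext ($2) with the key file ($3).
# -salt and -pbkdf2 make the derived cipher key unique per file and slow to
# brute-force; -iter raises the PBKDF2 cost above OpenSSL's default.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt ciphertext ($1) to plaintext ($2) with the same key file ($3).
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Round-trip check on a constructed memo. Returns 0 when:
#   - decrypt(encrypt(memo)) is byte-identical to the memo,
#   - the ciphertext does not contain the plaintext marker, and
#   - the key file is not readable by group or others.
roundtrip_ok() {
    dir=$(mktemp -d)
    printf 'PRIVILEGED: settlement terms for client matter, do not forward\n' \
        > "$dir/memo.txt"
    make_key "$dir/memo.key"
    encrypt_file "$dir/memo.txt" "$dir/memo.txt.enc" "$dir/memo.key"
    decrypt_file "$dir/memo.txt.enc" "$dir/memo.dec" "$dir/memo.key"

    status=0
    cmp -s "$dir/memo.txt" "$dir/memo.dec" || status=1
    if grep -q PRIVILEGED "$dir/memo.txt.enc"; then status=1; fi
    # Key file must not be readable by anyone but its owner.
    if [ -r "$dir/memo.key" ] && [ "$(ls -l "$dir/memo.key" | cut -c5-10)" != "------" ]; then
        status=1
    fi
    rm -rf "$dir"
    return $status
}

# Stand-alone run: report the result of the round trip.
if [ "${1:-}" = "--demo" ]; then
    if roundtrip_ok; then echo "encrypt/decrypt round trip OK"; else echo "round trip FAILED"; exit 1; fi
fi
```

Run it with `sh encrypt_demo.sh --demo`. Note that `openssl enc` provides confidentiality but no integrity check: a tampered ciphertext may decrypt to garbage without an error. For documents that will be exchanged with others, a tool that does authenticated encryption and proper key management, such as GPG or age, is the better choice; the commands above show the principle, which is that the key, not the file, is what you control access to.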
Implementing Personnel Policies
Train employees to identify confidential information. Everyone in the workplace should understand how to recognize confidential legal information and treat it accordingly. Employees who have no reason to handle confidential information should not have access to it. Generally, confidential legal information should be labeled as such. But sometimes, especially with documents such as emails or letters, it can be difficult to label everything appropriately. When in doubt, any communication with an attorney, or that mentions a legal matter, should be treated as confidential legal information.
Verify callers' identities. Before any phone discussion that might reveal confidential legal information, take steps to confirm that the caller is who they say they are and is entitled to receive the information; for example, call them back on a number already on file rather than trusting the number they give you. Employees should treat unexpected requests for confidential information with particular caution, since a caller who claims urgency or authority is a common way of extracting it. Likewise, do not leave confidential information on answering machines or voicemail, because you cannot confirm who will hear the message. When employees discuss legal matters on the phone, whether in the office or on a mobile phone out of the office, they should make sure the conversation cannot be overheard.
Secure your fax machine. Avoid sending documents containing confidential legal information by fax, and keep the fax machine in a secure area with controlled access, behind a desk and away from the normal flow of traffic rather than in a busy hallway or shared work area where pages can be misplaced or read by anyone. If you must fax confidential legal information, call the recipient before sending to confirm the number and that he or she is available to collect the document immediately. Office staff should know that an incoming fax involving a legal matter is to be delivered directly to the person it was sent to, not left on the machine.
Conduct periodic checks. Confirm that employees are safeguarding confidential legal information and respecting the security of systems and servers by running regular tests and monitoring activity. Despite written policies and training, the only reliable way to know how secure your systems are, and how well your employees protect confidential legal information, is to test them. One such test is a simulated phishing exercise: send an email from an outside address no employee would recognize, which either appears to contain confidential legal information or requests it, and then observe how employees respond, whether they reply, open attachments, or report the message. Agree the exercise with management in advance, treat failures as a training opportunity rather than grounds for discipline, and feed the results back into your training. Third parties can run the testing with you, and your network security company may be willing to do it as well.
Control use of the internet and social media. Create a written policy regarding appropriate internet and social media usage in the workplace, and take steps to prevent confidential legal information from being disclosed through social media. Keep in mind that it often isn't necessary to have internet connectivity on every computer in the office. Removing access to the internet from the computers of employees who don't need it for work can significantly decrease accidental disclosures of confidential legal information. All employees should refrain from discussing legal matters on the internet, especially over social media. Limit access to company social media accounts and make sure the passwords aren't saved on a computer or written anywhere around the computer.
Managing Documents
Keep confidential documents secure. Handle all documents containing confidential legal information carefully and keep them under lock and key whenever they are not in immediate use. Teach employees never to leave such documents out on their desks, or open on their screens, when they step away from their workspace; even a trip to the restroom means locking the documents in a drawer and locking the computer screen. Documents being retained should be kept in locked filing cabinets, and larger collections, such as boxes of material for a case in progress, in a locked storage room when not in use. Cabinets should stay locked except while someone is actually removing or returning a file, and should be locked again immediately afterwards.
Control access to confidential documents. Store confidential documents in locked filing cabinets, and give keys only to employees who have a continuing, job-related reason to access those documents. Keep a record of who holds each key, and collect keys when that reason ends. Do not tape the key to the cabinet or hang it on the wall for anyone to grab; if you do, you might as well not have a lock at all.
Create a document retention policy. Documents such as emails containing confidential legal information should not stay on your servers indefinitely. Create, and consistently follow, a policy that states how long each type of document and communication is kept and how it is destroyed at the end of that period. A firm retention policy also limits the damage if your company's servers or someone's mobile device is compromised: an attacker cannot take what you no longer hold. From a security standpoint, the shorter the time you keep emails after they have been dealt with, the better; from a legal standpoint, information you no longer need is only a liability if it falls into the wrong hands. Depending on the types of documents you hold, other rules may set a minimum retention period or prohibit destruction. For example, tax records must be kept for the periods the IRS prescribes, and documents relevant to pending or anticipated litigation must be preserved regardless of your normal schedule.
Shred unnecessary documents or copies. If you need to dispose of paper documents that include confidential legal information, the paper should be pulverized or shredded so that the information printed on the page cannot be read. The shredder itself should be in a relatively secure location – for example, behind a desk, or in an office with a door – so that not just anybody has access to it. Cheap shredders that only cut the paper into strips are insufficient to dispose of confidential legal information. Buy a shredder that will cross-cut, diamond-cut or pulverize documents to ensure they are illegible.