Can You Withstand a Breach in Cyber Security?

Outside of the financial and tax sectors, the practice of immigration law produces a significant amount of personally identifiable information (PII). Immigration practitioners collect a ton of highly sensitive data from foreign nationals, their family and friends, U.S. corporations and foreign corporations. Especially in the practice of business immigration, practitioners might even be making notations regarding highly confidential business information. In today’s immigration practice, data is increasingly being stored digitally, whether on software or on computer hard drives. Suppose a cyber-thief got their hands on some of that PII or even confidential corporate information?  How would your organization protect your client’s sensitive data? Are you practicing what you think is reasonable, or what the industry considers to be reasonable? Here are four questions to find out where you organization stands when it comes to cyber security:

1. YOU HAVE A CYBER SECURITY PROTOCOL POLICY ORGANIZATION-WIDE?

Merriam Webster’s defines cyber security as “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” Having a policy in place sets the tone for all staff members that protecting the organization’s client data is a priority and important. A uniform, written policy ensures employees understand their responsibilities and the dangers of a breach or social engineering. A culture of security also provides an organization with a competitive edge against other practitioners who lack such policy. (If yes, add 10 points.)

2. YOUR DATA IS PROTECTED BY CYBER INSURANCE?

What exactly is cyber insurance? We wrote about it back in February. It’s additional insurance coverage, outside of general and malpractice liability insurance, that practitioners can obtain, either on their own or as a beneficiary of using the right immigration case management software. (If yes, add 10 points.)

3. YOU’VE IMPLEMENTED RESTRICTED ACCESS CONTROLS?

When it comes to defining access controls, by all means, do it. If a controlled group of individuals are allowed administrative rights, it limits your organization’s exposure to unnecessary risks. One malicious email that is inadvertently opened can be lead to a series of security headaches but in isolation, damage is thereby limited. This is probably one of the single most important reasons why using a Secure Messaging system (found here) also helps to combat malicious access to data. (If yes, add 10 points.)

4. YOU’VE CAREFULLY SCRUTINIZED YOUR VENDORS FOR OUTSOURCING?

When it comes to security, your organization is only as safe as your vendors’ protocols. Do your vendors outsource their security? Is another organization managing or accessing your data as part of a service contract agreement to which you are unaware? If you need to have that conversation with your vendors, then please do so. Culling the necessary information will allow you to make an informed decision on whether you need to switch to a more secure vendor. (If yes, add 10 points.)

Did you get the full 40 points? If so, I definitely want to hear from you! Send me your private comments below. Subscribe to our newsletter for more updates on immigration practice management. We’ll also be at the AILA National Conference in Nashville. Come visit me and our LawLogix team!