How do I improve data security to meet confidentiality obligations?

Data security is gaining increasing interest among information systems users, particularly regarding classified or sensitive information.

For peace of mind, it is worth getting a few basics right for your devices, your networks and the way you log into CSI Lawyer software, either by yourself or with the help of your IT support.

Maximize the data security of your workstation

As remote work has become more common, it is good to consider carefully whether to keep your computer only for your own use, or purely for work use. To minimize the risks, it is recommended to get separate devices for leisure time and for use by the rest of the family.

If your workstation is not connected to a corporate domain, set a user name and a password that is long and complex enough. This way, if the workstation gets lost or stolen, it will not be easy to log into. You can also encrypt your hard drive to further increase security.

Also, make sure that your workstation’s updates and antivirus software are up to date. When traveling, prefer connecting to the Internet through your mobile phone instead of using open, insecure WLAN connections.

Rely on your IT supplier for securing servers and networks

Securing servers and networks typically requires the special expertise of an IT department or an IT supplier.

In most cases, when logging into a company network, you connect to a domain that can only be logged into with a username and a strong password. The domain administrator can specify the number of times users can enter an incorrect password before their account is locked. They can also specify, for example, minimum requirements for the length and complexity of the password. In companies where remote work is common, a secure VPN connection is typically used to access domain services.

Companies are increasingly giving up their own physical servers. When the servers are located in a service provider’s data center under expert maintenance, data security is usually at least not diminished. From the user’s point of view, logging on to an outsourced server environment is similar to logging on to a local server.

If the IT system has been built entirely on top of Microsoft’s M365 / O365 services, the company’s domain is located in Microsoft’s Azure. From a user perspective, Azure AD is similar to traditional Active Directory (practically a domain) with its user accounts, passwords and logins, even though the AD / domain is located in the cloud.

When using Azure AD, the administrator can easily improve data security by enabling multi-step login (MFA). If your company does not yet use MFA, you may want to talk to whoever takes care of your IT.

Whatever the server and network solution is, backing up your data is always crucial. Business-critical information needs to be backed up in case of both cyber criminals and hardware failures. No system is 100% secure.

Ensure the security of your CSI software, too

The same general security criteria apply to CSI Lawyer as to any other software. Its workstation, network and server environment must be kept as secure as possible. In addition, there are some things you can do to increase security in case your workstation falls into the wrong hands.

Use Azure AD authentication to log in
The most recommended method for logging into CSI Lawyer is authentication based on Azure AD. Once the Azure AD administrator has added the CSI database to a service maintained by CSI and defined the necessary parameters in the software, CSI Lawyer can only be logged into with Azure AD accounts.

Eliminate password guessability
When using a username + password combination, it is crucial to ensure that the password is long enough and not easy to guess.

Uncheck “Remember me on this computer”
The “Remember me…” option is a favorite of many CSI users as it makes it easier and faster to open the software. However, we recommend unchecking it to increase security. Even if a third party manages to unlock your computer, they will not be able to log in to CSI Lawyer without a username and password.

Encrypt M-Files document vaults
Documents related to assignments are often saved to a separate M-Files document management system. Typically, the information stored in document repositories is even more confidential in nature than the entries made in CSI Lawyer. The document vault of M-Files can be encrypted using the AES-256 algorithm. Thus, a potential intruder cannot read the contents of the vault without an encryption key.

Avoid being the weakest link of data security

It may be impossible to create a completely secure information system. However, IT system suppliers constantly work to strengthen the security of their software products, and there are also many ways for end users to improve security.

Even when the data security of servers, networks and workstations is well managed, the end user of the system bears a big responsibility for security. In situations where you can’t be completely sure about the safety consequences, it is always better to check than to guess.

As a computer user, everyone knows how tempting it is to tweak a little to get things done as quickly and easily as possible. It’s worth remembering, though, that the easiest way isn’t always the best, particularly if it means compromises in terms of data security.

If you are interested in implementing Azure AD authentication or encryption of the M-Files document vault, please contact CSI support at support@csihelsinki.zendesk.com.


 



Jari Loiri

CSI Helsinki, IT Manager
Life is not all about technology. I’m technology’s friend whenever it makes human life easier.


 
