Mediation and Data Security
Data security is a complex topic. To make sure our customers learn what they need to know and get that information from the best, we asked our Chief Product Officer, Noah Hawthorne, and our Cloud Software Architect, James Trefry, to tackle the subject.
We believe that there is an opportunity for data security to improve in the field of mediation. As a result, this post focuses on what you can do as a mediator to improve your mediation practice’s data security.
How does data security relate to the field of mediation?
As a mediator, you have a responsibility to your clients to ensure that any data you collect about them and their case is safe and secure. If you keep hard copies of documents and notes on legal pads, you likely store these resources in filing cabinets or shred them.
While those may have been common practices in the past, you can now take it online. These days, some mediators (as well as most legal professionals) use software, like ADR Notable, to manage their case files and take notes online.
With the rise in cybersecurity threats, it’s important to know what steps you can take to protect your case data, as well as your options for data retention.
At ADR Notable, we take a “security first” approach to our technology and user experience. We ensure our technology adheres to industry best practices regarding data security. Our app gives mediators several options to determine how their account’s data is accessed, viewed, and stored.
Who can access my case data in ADR Notable?
We have a strict role-based system. Mediators can use this tool to limit what information different types of users can access in a case.
For instance, you may want to limit the information a case manager can see on a case while allowing the mediator to see everything. You can create roles and assign permissions on a per-case basis through the Security tab.
How does ADR Notable help me control who can view my case data?
Let’s say you’re in a caucus with one party, and you want to ensure the notes you take are viewable by only that party.
Our note-taking feature was designed so mediators can blur or hide notes. That way, mediators have the flexibility to share only the information that’s relevant to the case participants in that moment.
What does ADR Notable do with my files after a case?
Some mediators tell us that they like to store their case files indefinitely. Some tell us that they would rather their case files be completely erased after each case. At ADR Notable, we give you the ability to decide.
You can securely delete case data from our systems. You can choose to delete it all or specifically choose what data you’d like to delete. It’s all up to you!
What else should I do to improve my data security?
Do you have a favorite password that you use on multiple websites? If so, there’s something you can do to improve your online security drastically.
Reusing one password on multiple websites poses a serious security risk. We recommend visiting each website on which you have an account and updating your password. Since humans can’t create cryptographically strong passwords or remember unique and complex passwords for every website, there’s specialized software that will do this for us. These tools are called password managers.
Most password managers will generate unique, cryptographically strong passwords for you and store them using the strongest encryption standards available. When you need to login to a website, these tools fill-in the form with your username and password for you. That way, you never have to remember these unique, strong passwords. Password managers will do all of the work for you.
You can install a good password manager, like 1Password, across all your computers and devices. That way, you can access your passwords whenever and wherever you need them!
Once you start using a password manager, you may start to feel invincible. After all, it’s a huge step toward achieving online security. However, there are still ways for hackers to steal your passwords. Thus, it’s important to always stay vigilant and protect your computers, devices, and network communications.
Additional tips to keep your passwords and online data secure:
1. Never enter login credentials or other information to a site that is not secured with a certificate.
That means you should try to only use websites that start with https://. The https:// identifies a more secure website than ones that start with the traditional http://.
2. Never connect to unsecured WiFi networks.
Hackers will sit in coffee shops or hotels and broadcast WiFi networks. They’re hoping someone will connect to that network and login to a website. Since all network communication will go through the hacker, they can capture your username and password in plain text.
3. Install only the software you need and ensure it’s from a trusted source.
Malicious software can capture everything you type, including passwords.
We also recommend you install a good anti-virus software. Make sure you keep it updated!
4. Never click or open an executable file – one that ends in .exe, .bat, or a variety of other extensions – in your email.
Your computer will automatically run executable files when you open them. These files may contain code to harm your computer or steal your information. The most common executable file extensions are .exe and .bat — you can click here to view the full list of extensions which you should keep in mind.
Since there are so many, it’s best to always delete any emails from unknown senders containing attachments. Also, be wary of attachments from known senders, as they may be sent from a virus on the sender’s computer.
5. Learn how to recognize phishing scams.
If you get a scary email or text message from your bank or credit card company with a link to login, do not click the link. If it’s an email, try to hover your mouse over the link to see the actual URL. It might not match the URL displayed in the email.
Too many people fall victim to these scams by logging into fake websites with their real credentials, thus handing their username and password directly to the hacker.
6. Don’t use your login credentials on a public computer.
You may have heard remember to logout of sites when using a public computer…But you should never even login to sites using a public computer!
Since you have no control over the security of a public computer, assume it has been compromised.
7. Maintain your devices’ security.
Keep your computers and other devices physically secure and password-protected. Don’t use the same passwords across different devices and, if possible, use biometrics to login.
8. Learn how to DIY.
DIY = Do It Yourself!
Learn how to reinstall the operating system on your computer or device. When you leave a device at a shop for repairs, you never know if your privacy was violated by digital theft or spyware.
If you have to take it into a shop, solely use ones that are recommended by the device’s manufacturer (e.g. the Apple Store for Apple products).
9. Back up your data.
Keep your critical data backed up to a cloud drive or physical (encrypted) drive. If you ever fall victim to ransomware, you can just reinstall your operating system and restore your backups.
Do you have any other questions about how to improve your mediation practice’s data security? If so, tweet us or send us an email with your question(s) – Noah and James will be happy to answer them for you!