Preventing Data Breaches and Protecting Sensitive Information In Your CRE Firm

Explore our library of best practices, industry trends, resources, and insights for all things entity management and compliance.

Explore by Topic

Popular Content

As the technology sector grows, so does the ability to get hacked.


The last thing you want to have to worry about is someone getting access to your client’s private information. Even sending a “secure” email runs the risk. What many don’t realize is that banks and government offices aren’t the only ones getting hacked. It’s happening in all different sectors. Some of the more common and least expected are healthcare and law offices. In just March and April, over one million people were affected by a healthcare breach. Most of the causes were computer systems, emails, and paper records. And according to the American Bar Association, one out of every four law firms is a victim of a data breach. Meaning, 25% of all law firms practicing in the U.S. have experienced at least one data breach.


Here are some common ways hackers are accessing information and what you should watch out for:


1. Ransomeware – The hacker will send a bogus email, prompting you to click on a link. Once the link is clicked, it allows the hacker gain access over your machine. In the most extreme cases, they will lock down your computer and hold your data for ransom.


2. Fake WAP – Many hackers will set up a fake wireless network, hoping that someone tries to join it. The WiFi names will be very generic and public, meaning they will not require a password. Some examples: Atlanta Airport Free WiFi, Starbucks Wireless Network, and Public WiFi. Always protect your information sent over a wireless network.


3. Phishing – A technique where the hacker imitates a website and will send a spoofed link. Once you try to log in, the hacker will steal your login information. You tend to see this through an email but could also come through as a text message.  


4. User Error – Many instances pertain to human error. Whether it’s using non-company approved sites, not properly destroying client information, leaving a computer unlocked, etc.


Here are some ways to prevent data breaches:


1. When looking into third party systems to house your client’s information, make sure you ask them to show you their security model. Making sure that they have an accredited system in place that uses top encryption methods.


2. Train your employees. Your human resource department should ensure that security measures are easy to understand and adhered to. Quarterly training should be held regularly, making it a routine part of your operations.


3. Always have a back-up. For instance, if you are an attorney and have all your client’s legal entity information on your computer or server and it gets hacked, are your files stored anywhere else? It’s important not only to save files to your computer or desktop but to follow your companies protocol on storage.


Needless to say, protecting client data can mean playing defense to hackers and unsecure software. All it would take is one person clicking the wrong email for confidential information to be exposed or completely wiped away. Be wary about what you are clicking on how you are sending and sharing sensitive information. Employees who take on this thought process can lead to better security across the entire organization.


EntityKeeper provides a secure database to store your client’s legal entity information. Learn more here: