Keeping Information Safe
At Takacs McGinnis Elder Care Law, data cybersecurity is an everyday priority.
What is cybersecurity? A trendy term for data security, cybersecurity refers to the preventative techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorized access.
Cybersecurity experts often refer to the 90/10 rule. This rule states that 10% of cybersecurity is reliant upon technology; 90% is up to users. As an example, the IRS reports that tax professional data breaches occur at the rate of three to five a week, a staggeringly high level.
"Given the rise in the occurrence of identity theft, fraud and other cybercrimes committed against businesses, we are paying more attention to cybersecurity,” says Certified Elder Law Attorney Barbara Boone McGinnis. “The protection of our clients’ sensitive information is extremely important to us.”
Takacs McGinnis works diligently to protect client information from cybersecurity threats. In fact, several staff members have come together to form the Technology Team, a group charged with researching best practices and implementing new systems, policies, and procedures that will keep client information secure. What’s the status of their efforts?
A few years ago, the firm transitioned to a paperless environment where all documents are scanned and saved on a secure on-site server that is backed up each evening. “We treat the files with the same commitment to confidentiality that we did when the files were paper,” says Lisa Proctor, the firm’s office administrator and legal assistant who leads the Technology Team.
The Technology Team is working on ways to remove all Personally Identifiable Information (known as PII in the cybersecurity world) from documents for enhanced client protection. This is especially important when sharing documents with facilities.
Sharing Data with Government Agencies
How do you keep data secure when government agencies don’t have the same commitment to cybersecurity? This is one of the firm’s biggest challenges. For example, applications for Medicaid or VA benefits always contain Personally Identifiable Information, and these applications need to get to claim representatives at the State of Tennessee. How is this information sent when fax and email are the only options? “The reality is that if you add even one layer of security to the process, even a simple password, the government workers won’t take the extra time to open the documents,” says Joshua Bey, a former Medicaid/TennCare claims processor who now works for Takacs McGinnis as a public benefits specialist. “Unfortunately, we have to play by their rules.”
To maximize security, the firm currently faxes all applications via a secure, internet-based fax, and the Technology Team has been researching alternative ways to transmit data via email without sacrificing security.
What is the State of Tennessee doing to protect Personally Identifiable Information? It’s not clear. We do know that the Social Security Administration’s website (ssa.gov) has implemented two-factor authentication for those who want to access Social Security records. Two-factor authentication is an extra layer of security designed to ensure that you’re the only person who can access your account, even if someone knows your password. Though many organizations and some federal agencies are using this method, it’s not clear if or when the State of Tennessee will follow suit.
Keeping Computers Safe
Computer systems at Takacs McGinnis are 100% secure, protected by a robust firewall and other security measures, according to Lisa Proctor. “Our data security is managed by a local company that specializes in business IT services.”
Keeping Email Safe
After extensive research on the alternatives, we are confident that Takacs McGinnis is using the safest email platform available: Outlook 365 enhanced with antivirus protection. According to our IT services provider, Outlook 365 is three times safer than Google’s Gmail platform.
Credit Card Security Procedures in Place
When it comes to credit card security, the firm follows the Payment Card Industry Data Security Standard (PCI DSS), an information security standard that was created to increase controls around cardholder data to reduce credit card fraud. For example, Lisa Proctor is the only person in the firm who handles credit card information, and she follows strict procedures to keep credit card numbers secure.
Ultimately, Takacs McGinnis Elder Care Law’s Technology Team is doing a fantastic job of protecting client data and we’re doing what we can to nudge the State of Tennessee in a similar direction.
If you have questions about cybersecurity at Takacs McGinnis Elder Care Law, just give us a call at (615) 824-2571.