Originally published in the March/April issue of Legal Management, a publication of the ALA.

Paranoia is your friend. That’s as good a mantra as I’ve heard for securing sensitive information.

Since networks began, law firms and other organizations have had to worry about all kinds of hackers, attackers and unsavory digital cretins. Then recently, the Cornficker worm reared its ugly head, infecting 30 perfect of all computers using the Microsoft windows operating system. Later, IT professionals had to deal with the repercussions of the Microsoft/T-Mobile Sidekick fiasco. And just when you thought it couldn’t get any worse, hordes of Chinese cyberwarriors launched an onslaught against Gmail, Google’s popular e-mail service.

This article strives to create a broad view and practical starting point for your firm to assess its data security policies and practices. To facilitate writing it, I contacted several IT professionals who are also members of the Association of Legal Administrators (ALA) and asked them to share their related tips, experiences and concerns via an online survey and subsequent one-on-one interviews. For each area of analysis, I’ve also provided an “action item” regarding what you can do now to better manage data security in your firm.