Customer data protection for a local law firm
We implemented a personal data access policy. The number of unauthorized login attempts dropped almost to zero within 12 weeks.
LexPoz Law Firm struggled with leaks of confidential client information. We introduced systematic access control that eliminated gaps in digital document flow.
The challenge
The LexPoz team worked on shared accounts, which made it impossible to identify people editing files. In March 2024, we recorded 47 unauthorized attempts to open case files by external parties.
The problem was critical: without a strict password policy, employees relied on weak safeguards. This violated personal data protection requirements and exposed the firm to a loss of trust.
Our approach
Our team at Idryleaks conducted a two-day infrastructure audit. We identified 12 critical points in the file system and email.
Next, we trained 9 employees of the firm on data encryption and using a password manager. We don't offer generic training – we focused solely on the realities of a lawyer's work in Poznań.
The solution
We implemented two-factor authentication and separate permissions for each team member. Data is now divided into three access levels: public, firm-wide, and top-secret.
Additionally, we automated the removal of temporary files from the server every 24 hours. Facts instead of promises – thanks to this, every case now has its own secure access register.
Results
Within 12 weeks of implementation, we recorded an 89% decrease in security incidents. The system is now transparent, and every change in documents has an assigned author.
Timeline
- April 2024: Network infrastructure audit in the firm
- May 2024: Implementation of two-factor login
- June 2024: Team training on case file protection
"Before, everyone had access to everything. Now we see who opened documents and when. This gives us peace of mind when working with sensitive data."