A chief concern for attorneys in putting their firm’s confidential client data online is security.

With hackers more prevalent than ever in an Internet world increasingly reliant on “cloud computing” — which includes a range of online tools used for practice management — as well as social networking and other Web 2.0 functions, putting any confidential business information online might seem like strolling into the lion’s den.

There are a number of precautions a lawyer should take to overcome these concerns while taking advantage of Web 2.0 offerings safely and securely.

1. Use a vendor that specializes in working with attorneys.

Two SaaS utilities for billing and other practice management necessities, Rocket Matter and Clio, are popular in the legal community.

“You want to pick a vendor that is more aware of the confidentiality and privilege issues that are found in the legal world,” said Bryan Sims, author of the Connected Lawyer blog and a partner at Thompson, Rosenthal & Watts, LLP in Naperville, Ill. “Make sure you know what they are doing with information and what level of security they are using. All of this should be spelled out in your terms of service agreement.”

Both options use 128-bit SSL encryption, which is on par with online banking.

Sims also recommends considering online vendors that work in the health care industry, as they are bound by HIPAA regulations and place a similar emphasis on confidentiality.

2. Have multiple passwords.

One of the perks of cloud computing is the ability to use one password for every function, particularly those in social networks and Google Apps. This is convenient for the layperson but can become a security risk for attorneys, Sims said.

He added that it’s safer to use various passwords to keep hackers guessing, and make sure each one includes letters, numbers and symbols.

Many Web sites use backup questions, such as the name of a first pet or mother’s maiden name. Don’t feel obligated to tell the whole truth on these questions, as some of this information can be found easily and could help hackers use the “Forgot Password” function to get to your protected information.

Sims suggests using a software program, such as Agatra or Cornodo, that allows you to store passwords in different programs.

3. Keep your client in the loop.

Clients should be notified of any of their information you are putting online — such as facts of the case, billing data, etc. — and be allowed continued access, in order to avoid malpractice claims.

“Most of the confidential information is the client’s information anyway,” said Sims. “They should be able to access their own data and assume some responsibility.”

4. Create an external backup.

Whether it’s a flash drive or the hard drive of a strong laptop, files should always be backed up in a password-protected external location, said Sims.

This article originally appeared in Lawyers USA, a sister publication of Wis-consin Law Journal

Questions or comments can be directed to the writer at: justin.rebello@lawyersusaonline.com