What Do The Best Legal IT Security Experts Advise That You Do To Protect Your Confidential Data?
8 Critical Things
I recently attended the Clio Cloud Conference in New Orleans, and I came away with a wealth of information for law practices that want to use the Cloud securely. Clio’s Director of Information Security, who formerly worked at Apple (among other companies), mentioned some critical steps that legal firms must take to protect their businesses and their clients.
First, let’s look at the legal environment with regard to cybersecurity. Here are five facts that you need to know:
What are the eight critical steps that Clio’s Director of Information Security recommends you take to protect your law practice?
* What Is 2FA?
Two-Factor Authentication (2FA) protects your identity by requiring a second layer of security. It makes it more difficult for cybercriminals to log in to your accounts.
Your credentials must be submitted in two or more different forms. For example, you need your login ID and passcode for authentication to be classified as 2FA.
This prevents criminals from taking over your identity on the platforms you use. Even social media platforms like Facebook have an option where a code that you enter before signing in is texted to your mobile phone or generated in your Facebook account.
Clio advises that you use 2FA wherever it’s provided. Make sure your employees do the same.
** What Is Phishing?
Phishing is the practice of stealing user ID/email addresses and password combinations by masquerading as a reputable or known entity or person in an email, instant message, or another communication channel. Attackers then use the victim’s credentials to carry out attacks on a secondary target.
They enter the credentials into as many websites as possible using automated scripts, a technique often called credential stuffing, or enter the stolen credentials directly into corporate resources, gaining unfettered access to your network and data.
How do you protect your law practice from phishing? The best way is through Security Awareness Training**** for your employees.
*** What Are Secure Passwords?
Creating a strong password is an essential step in protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No law firm is immune to cyber risk, but there are steps you can take to minimize your chances of an incident.
Here are eight things that the Department of Homeland Security suggests you and your employees do when creating passwords:
1. Create passwords with eight characters or more and a combination of letters, numbers, and symbols.
2. Use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
3. Don’t make passwords easy to guess. Don’t include personal information in your passwords such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
4. Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
5. Get creative. Use phonetic replacements, such as “PH” instead of “F.” Or make deliberate but obvious misspellings, such as “enjin” instead of “engine.”
6. Never share your password. Don’t tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.
7. Use different passwords for different accounts and devices so that if attackers do guess one password, they won’t have access to all of your accounts.
8. Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information, including your email or bank accounts. Stronger authentication helps verify that a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.
**** What Is Security Awareness Training?
Security Awareness Training teaches your employees to recognize phishing and other IT threats. Services often provide user training videos, send fake phishing attempts to test employees’ knowledge, send automated memo emails on the latest threats, and allow admins to run various reports to monitor your employees’ scores and progress.
Cybercrime is a real and present danger to law firms of every size. You can’t afford to risk your confidential data. Contact our IT Security team in Winston Salem NC for help protecting your practice.
Parkway Tech offers technology management, help desk services, and strategic IT consulting to law firms and legal practices across North Carolina.
We offer completely customized technology support services for large and small law firms, law offices and law practices.