True story – a security audit of Western Australian government practices found that nearly 1,500 government officials were using “Password123” as their password, according to this recent Washington Post story. This, along with “password1” and “123456” are among the world’s most common passwords – and a call to hackers worldwide that cybersecurity may not be a huge priority for companies right now, though there are myriad reasons why it should be at the top of the list.
Cybersecurity is particularly critical for law firms. Law firms are often targeted by cyber attackers because they are consistently dealing with a large volume of private personal, financial, and business-related data and information. In 2017 alone, 23% percent of law firms with 500 or more attorneys reported a security breach within the year, and more than one third of firms with 10-49 attorneys reported experiencing a breach, according to the 2017 ABA Legal Tech Survey. Ethically, lawyers are required to have some degree of tech savviness, and it is becoming critical for lawyers to have some baseline knowledge of cybersecurity risks and how to mitigate them in their practices.
Here are some cybersecurity basics that may help protect you and your clients from cyber attacks and data breaches:
First and foremost, create stronger passwords. You wouldn’t keep “1,2,3,4” as the combination to your safe at home, so you should be just as thoughtful and deliberate about protecting online commodities. “Lazy” passwords put your firm and your clients at risk, so ensure that the password you use for each software platform or website you use is unique. Generally, a strong password contains a mix of letters and numbers, and some experts recommend a lengthier password of 12-15 characters. There are many online tools that can help you manage multiple passwords – password managers generate and track lengthy passwords, keep them encrypted, and plug them into the sites and programs you use frequently and you only need to remember one master password.
Encrypt Everything You Can:
Encryption is the act of converting information and data into a code in order to prevent unauthorized views or access. Lawyers should consider encrypting their communications with clients, and the documents they send to clients via email in particular. Encrypting an email is fairly simple. In Microsoft Office, to encrypt all outgoing messages, you go to the “File” tab, then into “Options> Trust Center> Trust Center Settings” and then to the “Email Security” tab, and then select “Encrypt contents and attachments for outgoing messages” under “Encrypted email.” Note, in order to read your encrypted message, you and your recipient must have exchanged digital IDs.
You can also encrypt devices like your phone, tablet and laptop. If your device is encrypted, nobody can access the data within it, as long is it is locked down with a secure password. On iPhones and iPads, you can check and see if your device is encrypted in the settings for “Touch ID & Passcode.” Apple devices generally default to encrypted, but you can confirm by checking that your settings screen says “data protection is enabled.” On Android devices, you can manually set up encryption by opening up “Settings” and then going to “security,” where you will see an encrypt option.
Use a Virtual Private Network (VPN)
A VPN is a way to extend a private network across a public network – in essence, allowing you to send and receive data across shared networks as though your computer or device was physically connected to your office’s private network. There are free and relatively inexpensive VPN options available, and you can take comfort in knowing that anything that you share over a public Wi-Fi network, through the use of the VPN, will be encrypted and thus, not likely to be compromised.
Be Conscientious About Your Cloud Providers
As the practice of law continues to evolve with technology, so does our use of the cloud. Cloud computing – or the ability to store and access data and programs regardless of where they exist – has been a game changer in law, reducing hard costs and allowing lawyers to transmit documents to and from clients, store and manage case information from afar, and easily share information with colleagues and clients. With any cloud computing vendor or service you may use in your practice, it is important to review the company’s compliance with standard security practices, understand what the vendor is doing to ensure confidentiality and security, and identify who controls the data.
Another cybersecurity to consider is investing in cybersecurity insurance to address any data gaps in your professional liability insurance policy. Like any other crime, the key to cybersecurity is to stay aware and vigilant, and make sure that it is a priority in your firm.
We’d love to answer any questions you have about Case Status. You can reach us at firstname.lastname@example.org or 800-429-4968. We look forward to hearing from you!
Signup to get emails with new and updates about Case Status.
Copyright © 2018 Case Status, Inc
Clio and the Clio Logo are registered trademarks of Themis Solutions, Inc. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.