The recent cyber-attack on the Democratic National Committee reminded the country of how detrimental a hack can be. As technology becomes more and more prominent in our lives and businesses, cyber-security should be given a higher priority – especially for law firms. Hackers specifically target large-scale law firms because they hold important legal, financial, and personal information that can be traded on the black market.
For better or worse, cyber-security is not just the job of one person or department. While your IT team works on building firewalls and encrypting data, your employees must strive to make sure their e-mails are safe and protected from hackers.
Why is email security so important? Because hackers often use email as a sort of “back-door hack” into your firm. One of the most common ways to do this is a phishing scam.
Phishing e-mails, so named because they “bait” information out of e-mail recipients, may be disguised to look like they are from your bank, social media accounts, or any other agent that has your personal information.
You may be sent an e-mail asking to confirm a transaction, change your password, or relinquish some other form of personal information. Once the hacker has that information, they can use it to access your server’s network. That’s when the trouble begins.
You or one of your employees may have phishing e-mails lurking in your inbox right now – they’re that common. This is why e-mail security is so important. One seemingly harmless e-mail can compromise your entire firm’s security.
So, at the most basic level, your e-mail security policy absolutely needs to include information on the process and prevention of phishing e-mail scams. But that’s just the beginning.
What to Include in Your E-Mail Security Policy
Your employees are key to your firm’s security, so it’s crucial to craft an e-mail security policy that explains how employees can protect themselves and the company, as well as what efforts your IT team is taking to prevent cyber-attacks.
Be sure to review this policy in a mandatory meeting as well. The more knowledge your firm has about cyber security, the more they can do to prevent cyberattacks.
Your e-mail security policy should include the following information:
- E-mail security best practices
What may seem obvious to your IT team may not be obvious to all employees. Be sure to give your employees basic tips for e-mail usage and safety. Examples include “Do not connect to unsecured Wi-Fi” or “Change your password monthly”.
- How to identify and report phishing scams
Just because your employees know about the dangers of phishing scams doesn’t mean they know how to recognize them or what to do about them. Show your staff how to identify a possible threat and how to report the scam to you and your security team.
- E-mail monitoring
Your IT team may want to monitor your network’s email and data usage to quickly identify any malicious activity. If this is a strategy you decide to implement, make this known to your employees. Not only does this allow you to be transparent, it also shows the efforts you are making to keep your firm safe.
- Prohibited content
By letting your staff know that their e-mails will be monitored, you also give employees a warning. If they send prohibited content, you will find out. Let your employees know what content is too inappropriate or sensitive for e-mails (e.g. personal information, upcoming financial moves, and so on). Consider what you don’t want leaked to the public when creating a list of prohibited content.
- Barracuda Essentials for Office 365
Most firms use some form of Microsoft Office. One way to make Office more secure is to use the cloud-based service Office 365. Rather than being installed on individual systems, the applications live in the cloud, and you and your employees can access them whenever you want.
Of course, even Office 365 is not perfect. There are security flaws and vulnerabilities within the software that can put your firm at risk. But you can combat these flaws with Barracuda Essentials for Office 365.
Barracuda is a security service that works to fully secure your cloud storage, e-mail accounts, and overall software usage. Security features include outbound e-mail protection, e-mail encryption, cloud-to-cloud backup and recovery, and cloud-based central management.
Make sure your employees understand the protection that Barracuda provides, and make it clear that all firm-related messages should go through official firm email addresses – not outside personal email programs.
- Workshops and seminars
If you plan to educate your employees through security workshops, include these plans in your security policy. One workshop is not enough. Workshops should be a continuous effort to update staff on the new security measures (and threats) that will be affecting your firm.
- Other efforts being made to increase e-mail security
Assure your employees that you are doing everything you can to keep their information (and their clients’ information) safe. Discuss the security measures you are taking and the programs you have set up to ensure that you are protected against cyber attacks.