Hackers target law firms, attorneys, and their clients for the private information and secrets they keep. The volume and intensity of cyber attacks and breaches affecting law firms and lawyers are at unprecedented levels and getting worse. Many professionals have become comfortably numb to the news and the reality of what comes next.
It’s not possible to know precisely what percentage of web traffic is malicious, but a lot of web traffic is malicious. According to GlobalDots Bad Bot Report 2018, “bot traffic makes up 61.9% of total traffic on the world’s largest websites. Bad Bots are increasing—21.8% of all website traffic are now Bad Bots, a 9.5% increase over the previous year.”
In addition to bad bots, there are plenty of bad people who will hack you if given the opportunity. Cybersecurity threats and data breaches wreak havoc on personal and professional lives every day. Your cybersecurity vulnerabilities expose you and everyone within your circle to malicious behavior.
The risk of being hacked today is far too great a threat to ignore.
The following cybersecurity tips are intended to help you protect yourself, your law firm, and your clients. They make it much harder for hackers to access your mobile devices and disrupt your life.
1) Secure Your Mobile Account With A Master Password
Time required to implement: Less than 15 minutes
An account master password helps prevent unauthorized changes being made to your account. Sometimes referred to as a security passcode or account pin, this master password is different from your account login password. It’s also different from your mobile device or voicemail pin/password. You will need to contact your mobile phone service provider to create a master password for your account.
2) Secure Your Mobile Number With A Port Lock
Time required to implement: 15-20 minutes
Phone number porting allows you to keep your existing telephone phone number when you switch service providers. Number porting is possible between wireline (aka “landline”), IP, and wireless providers.
Mobile phone service providers are required to comply with port requests so long as the person initiating the request provides accurate information. Therein lies the problem.
According to AT&T: “Imagine this—someone walks into a phone store and pretends to be you with a fake ID and your personal information. They want to switch carriers and walk away with control of your phone number. Stealing a mobile phone number this way is known as ‘illegal porting.’ Bad guys sometimes use illegal porting to steal your phone number, transfer the number to a device they control and intercept text authentication messages from your bank, credit card issuer or other companies. Many companies will call or text customers to confirm their identity. Once the bad guy has your number, he will get the authentication messages and can use them to get access to your accounts.”
3) Secure Your Mobile Data With A SIM PIN
Time required to implement: 15-20 minutes
A subscriber identification (identity) module or SIM card is a smart card used in many modern mobile phones. A SIM card stores your personal data and an identification number unique to you. If your un-encrypted SIM card gets lost or stolen, you have a problem.
A SIM PIN password helps protects you in the event your mobile device is lost or stolen. If someone were to remove your SIM card and try to use it in another device they would be locked out by the SIM PIN.
According to Apple: “To protect your SIM card from others using it for phone calls or cellular data, you can use a SIM PIN. Then, every time you restart your device or remove the SIM card, your SIM card will automatically lock and you’ll see ‘Locked SIM’ in the status bar.”
To secure a SIM PIN and protect your personal and private information, you will need to create a SIM PIN password. To do this you’ll need to contact your mobile phone service provider. Not all mobile devices use SIM cards and some mobile phone service providers don’t allow for SIM PIN.
WARNING: Do not attempt to guess your SIM PIN. Entering an incorrect SIM PIN more than a few times can permanently lock your SIM card, requiring the need for replacement.
4) Disconnect Your Devices When You’re Not Using Them
Time required to implement: Very little
It’s considerably more difficult to hack someone whose devices are not online. An effective method to avoid getting hacked is to make your internet-connected devices inaccessible. This is not to suggest turning your mobile devices or internet/phone service off during business hours. This tip is about helping you optimize the use of your technology and keeping you safe.
Implementing this tip requires very little effort or sacrifice and yields a tremendous return on investment. Bad actors lose direct access to hack you when you’re offline. Since the majority of cyber attacks are automated, hackers and their malicious bots will grow impatient, realizing the cost is far too great in terms of time and resources required to continue in pursuit of a ghost.
Implementing this tip is easy. It just disconnects your devices from the internet when you’re not using them. Do not leave your home or office network and devices unattended and online. When you are out and about, consider using a radio frequency-blocking case or bag for your mobile devices. For more on this, Google ‘Faraday cell phone case’.”
5) Buy Cyber Insurance Sufficient For Your Needs
Time required to implement: Varies by person/law firm
On October 17, 2018 the American Bar Association Standing Committee on Ethics and Professional Responsibility released Formal Opinion 483 “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack.” This Formal Opinion reaffirms the duty attorneys have to their clients to notify them in the event of a cyber attack or data breach. It also provides actions attorneys can take to meet their obligations under ABA model rules.
If your law firm does not currently have a cyber insurance policy in place—or if the policy purchased was one of the least expensive options available—please stop reading this article and go purchase proper cyber coverage. It’s reckless to believe it won’t happen or think firm size or practice area has anything to do with risk exposure. Attorney reputations have been shattered and law firms shuttered because they suffered a cyber attack and were ill-prepared to deal with the aftermath.
The best offense against a cybersecurity event and a data-breach incident is a proactive defense.