Cybersecurity

Five Tips for Cybersecurity Peace of Mind

Hackers target law firms, attorneys, and their clients for the private information and secrets they keep. The volume and intensity of cyber attacks and breaches affecting law firms and lawyers are at unprecedented levels and getting worse. Many professionals have become comfortably numb to the news and the reality of what comes next.

It’s not possible to know precisely what percentage of web traffic is malicious, but a lot of web traffic is malicious. According to GlobalDots Bad Bot Report 2018, “bot traffic makes up 61.9% of total traffic on the world’s largest websites. Bad Bots are increasing—21.8% of all website traffic are now Bad Bots, a 9.5% increase over the previous year.”

In addition to bad bots, there are plenty of bad people who will hack you if given the opportunity. Cybersecurity threats and data breaches wreak havoc on personal and professional lives every day. Your cybersecurity vulnerabilities expose you and everyone within your circle to malicious behavior.

The risk of being hacked today is far too great a threat to ignore.

The following cybersecurity tips are intended to help you protect yourself, your law firm, and your clients. They make it much harder for hackers to access your mobile devices and disrupt your life.

1) Secure Your Mobile Account With A Master Password

Time required to implement: Less than 15 minutes

An account master password helps prevent unauthorized changes being made to your account. Sometimes referred to as a security passcode or account pin, this master password is different from your account login password. It’s also different from your mobile device or voicemail pin/password. You will need to contact your mobile phone service provider to create a master password for your account.

2) Secure Your Mobile Number With A Port Lock

Time required to implement: 15-20 minutes

Phone number porting allows you to keep your existing telephone phone number when you switch service providers. Number porting is possible between wireline (aka “landline”), IP, and wireless providers.

Mobile phone service providers are required to comply with port requests so long as the person initiating the request provides accurate information. Therein lies the problem.

According to AT&T: “Imagine this—someone walks into a phone store and pretends to be you with a fake ID and your personal information. They want to switch carriers and walk away with control of your phone number. Stealing a mobile phone number this way is known as ‘illegal porting.’ Bad guys sometimes use illegal porting to steal your phone number, transfer the number to a device they control and intercept text authentication messages from your bank, credit card issuer or other companies. Many companies will call or text customers to confirm their identity. Once the bad guy has your number, he will get the authentication messages and can use them to get access to your accounts.”

3) Secure Your Mobile Data With A SIM PIN

Time required to implement: 15-20 minutes

A subscriber identification (identity) module or SIM card is a smart card used in many modern mobile phones. A SIM card stores your personal data and an identification number unique to you. If your un-encrypted SIM card gets lost or stolen, you have a problem.

A SIM PIN password helps protects you in the event your mobile device is lost or stolen. If someone were to remove your SIM card and try to use it in another device they would be locked out by the SIM PIN.

According to Apple: “To protect your SIM card from others using it for phone calls or cellular data, you can use a SIM PIN. Then, every time you restart your device or remove the SIM card, your SIM card will automatically lock and you’ll see ‘Locked SIM’ in the status bar.”

To secure a SIM PIN and protect your personal and private information, you will need to create a SIM PIN password. To do this you’ll need to contact your mobile phone service provider. Not all mobile devices use SIM cards and some mobile phone service providers don’t allow for SIM PIN.

WARNING: Do not attempt to guess your SIM PIN. Entering an incorrect SIM PIN more than a few times can permanently lock your SIM card, requiring the need for replacement.

4) Disconnect Your Devices When You’re Not Using Them

Time required to implement: Very little

It’s considerably more difficult to hack someone whose devices are not online. An effective method to avoid getting hacked is to make your internet-connected devices inaccessible. This is not to suggest turning your mobile devices or internet/phone service off during business hours. This tip is about helping you optimize the use of your technology and keeping you safe.

Implementing this tip requires very little effort or sacrifice and yields a tremendous return on investment. Bad actors lose direct access to hack you when you’re offline. Since the majority of cyber attacks are automated, hackers and their malicious bots will grow impatient, realizing the cost is far too great in terms of time and resources required to continue in pursuit of a ghost.

Implementing this tip is easy. It just disconnects your devices from the internet when you’re not using them. Do not leave your home or office network and devices unattended and online. When you are out and about, consider using a radio frequency-blocking case or bag for your mobile devices. For more on this, Google ‘Faraday cell phone case’.”

5) Buy Cyber Insurance Sufficient For Your Needs

Time required to implement: Varies by person/law firm

On October 17, 2018 the American Bar Association Standing Committee on Ethics and Professional Responsibility released Formal Opinion 483 “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack.” This Formal Opinion reaffirms the duty attorneys have to their clients to notify them in the event of a cyber attack or data breach. It also provides actions attorneys can take to meet their obligations under ABA model rules.

If your law firm does not currently have a cyber insurance policy in place—or if the policy purchased was one of the least expensive options available—please stop reading this article and go purchase proper cyber coverage. It’s reckless to believe it won’t happen or think firm size or practice area has anything to do with risk exposure. Attorney reputations have been shattered and law firms shuttered because they suffered a cyber attack and were ill-prepared to deal with the aftermath.

The best offense against a cybersecurity event and a data-breach incident is a proactive defense.

About RB Tewksbury

RB Tewksbury
Russell Baird “RB” Tewksbury is an entrepreneur and professional consultant, since 1991. He’s President of MarketWorks LLC, an attorney marketing and legal technology management company. Mr. Tewksbury is a legal marketing professional and legal-technology management expert. His professional certifications from Google include AdWords Advanced Search, Advertising Fundamentals, Mobile Advertising, Video Advertising Advanced, AdWords Advanced Display and Google Analytics. Tewksbury is the creator and host of Cybersecurity Fundamentals For Law Firms And Attorneys. A series of continuing legal education events conducted over live web meetings and interactive webinars. He is a member of The Internet Society’s Cyber Security Special Interest Group (“SIG”), Blockchain SIG and Internet of Things SIG. Mr. Tewksbury is also a U.S. Merchant Marine Officer - U.S. Coast Guard Licensed Master Captain. He is listed in Marquis’ Who’s Who in America (2000 – present) and Marquis’ Who’s Who in the World (1999 – present). @RBTewksbury

Check Also

mobile data

Six Strategies to Safeguard Your Mobile Data

Mobility is a key factor in attorneys’ collective quest to boost efficiency, billable hours and client service.