
Nine Steps You Can Take Today to Safeguard Your Law Firm’s Data

Did you know there’s a cyber attack every 39 seconds? And hackers often target businesses with the hopes of accessing large client databases that serve as a treasure trove of personal information.

As a legal professional, you’re held to some of the highest standards for client confidentiality, which means you have a duty to do everything in your power to keep clients’ personal information safe and secure. Not to mention, cyberattacks on your law firm can be costly, especially when they result in operational downtime, payments to ransomware attackers, and lawsuits and fines against your firm.

To keep your clients, yourself, and your law firm safe, here are nine data security best practices that you should start implementing today.

1. Create Strong Passwords and Keep Them Private

The best rule of thumb is to create long, complex passwords that use a mixture of capital and lowercase letters, numerals, and symbols. Avoid using words associated with the name of your law firm or other obvious information about yourself (your name, birthdate, etc.). You should also avoid using passwords that are the same as or similar to passwords from your other accounts, as this increases your vulnerability to being hacked. For additional tips on how to create a strong password, read this blog post by Avast.

It’s wise to invest in password management software that allows you to store your credentials for your various accounts in one secure place, which you can access through a single password. This helps you keep your passwords distinct (maximizing your security and mitigating your risk) without requiring you to remember every single one.

And lastly, here are three more tips to keep in mind for optimal password protection:

  • Never share your password with anyone.
  • Do not store or send any passwords or sensitive information via email, unless you are using an encryption program.
  • Make sure to change your passwords on a regular basis—ideally every 90 to 120 days.

2. Use Two-Factor Authentication

Many digital systems and programs will allow you to set up two-factor authentication, which requires you to submit additional proof that you are who you say you are when logging into your account. For example, you might be asked to enter a code that is sent to you via text or email, answer a security question, or even provide biometric information like your fingerprint or face recognition on your phone.

If you ever have the option to set up two-factor authentication, make sure you do so. Hackers now have advanced techniques and technology for cracking passwords, so it’s critical to have an additional layer of security.

3. Recognize and Avoid Phishing Scams

A phishing scam occurs when someone poses as a trusted source, such as a company you do business with, for the purpose of getting you to share private information, such as your credit card information, your password, or your social security number. The hacker may send an email or text asking you to submit or confirm your personal information (e.g. “Your password is about to expire. Use the following link to reset it.”).

Always err on the side of caution and assume messages like these are scams. Do not click on the link. Instead, contact your service provider directly to confirm that they actually sent the communication. If you don’t want to call, go directly to the company’s URL or app to log into your account and check for any communications there. If you suspect that you were targeted in a scam, delete the email or text and report the incident to your provider.

One trick is to pay close attention to the email address from which the communication was sent. Make sure the email domain (the part after the @ symbol) matches that of your provider. You should also hover your cursor over the email address and any embedded links to view the true source. Read more about some of the most common types of phishing scams and how to spot them.
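The two checks above (the sender domain after the @ and the true destination behind a link) can be automated over a raw message. This is an added example, not from the original post; the email, the lookalike domains and the trusted domain are all constructed placeholders, and the domain comparison is simplified to the last two labels so it also catches padded hosts like `provider.example.attacker.example`.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every domain here is a made-up placeholder.
SAMPLE_EMAIL = """From: "Acme Bank Support" <alerts@acme-bank-secure.example>
To: partner@lawfirm.example
Subject: Your password is about to expire
Content-Type: text/html

<html><body>
<p>Your password is about to expire. Use the following link to reset it.</p>
<a href="http://acme-bank.example.reset-portal.example/login">https://www.acme-bank.example/reset</a>
</body></html>
"""

# Domain of the provider we actually do business with (assumed value).
TRUSTED_DOMAIN = "acme-bank.example"

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname: mail.acme-bank.example -> acme-bank.example.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def sender_domain(raw_message: str) -> str:
    """The part after the @ in the From header (what the post says to inspect)."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def message_body(raw_message: str) -> str:
    return message_from_string(raw_message).get_payload()

HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def link_mismatches(raw_message: str) -> list[tuple[str, str]]:
    """(visible text, true href) pairs where the URL shown to the reader points
    elsewhere: the same thing hovering over a link reveals."""
    out = []
    for href, text in HREF_RE.findall(message_body(raw_message)):
        shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and actual and registrable_domain(shown) != registrable_domain(actual):
            out.append((text.strip(), href))
    return out

def phishing_indicators(raw_message: str, trusted: str = TRUSTED_DOMAIN) -> list[str]:
    findings = []
    sdom = sender_domain(raw_message)
    if registrable_domain(sdom) != trusted:
        findings.append(f"sender domain '{sdom}' is not '{trusted}'")
    for text, href in link_mismatches(raw_message):
        findings.append(f"link shows '{text}' but points to '{href}'")
    return findings
```

An empty list from `phishing_indicators` is not proof a message is genuine; it only means these two visible-header checks passed.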

4. Always Use a VPN When on Public Wi-Fi

When it comes to an Internet connection, your data is least secure when you’re connected to public Wi-Fi, which allows you to connect to the Internet for free. Public Wi-Fi is usually available in places like airports, coffee shops, restaurants, courthouses, etc. These “hotspots” tend to have weaker security, making it easy for others to intercept personal data you are transmitting while on the Wi-Fi connection. These are called “man-in-the-middle” attacks. Hackers can also set up “rogue access points” that appear to be legitimate networks so they can spy on a user’s online activity.

When accessing the Internet remotely, it’s best to access the Internet through a virtual private network, or VPN. A VPN allows you to create a private network on a public internet connection, and it provides encryption that helps keep your online activity private from unwanted snoopers.

If you at any point need to work on public Wi-Fi without a VPN, avoid viewing or submitting any private or personal information that you don’t want others accessing (e.g., your passwords, social security number, credit card information, client information, etc.). It’s also helpful to set up your devices so they do not auto-connect to Wi-Fi, and only visit websites that include HTTPS in the URL, as these websites use higher encryption and authentication standards.

5. Use a Firewall and an Antivirus Program

It may sound obvious, but you would be surprised how many people overlook this important step: make sure you have a reliable firewall and antivirus program installed so you can protect your practice against viruses, malware, and spyware. Sign up for auto-renewal so you don’t get stuck with lapses in security coverage.

6. Install Operating System Updates

It’s easy to get into the habit of clicking “Remind Me Later” when you see an update reminder pop up for your operating system. However, prolonging the update process puts you at higher risk because updates often include fixes for bugs and other issues that could include security vulnerabilities. Make sure to keep your operating system and other programs up-to-date at all times for the maximum level of security protection.

7. Close Down Any Online Service You No Longer Use

Abandoned accounts are easy targets for cybercriminals because it’s easier for illicit activity to stay undetected. Be sure to regularly monitor all your online accounts, and close any accounts you no longer intend to use so they don’t set your firm up for a potential security threat.

8. Back Up Your Data on the Cloud

While this isn’t necessarily a defensive tactic against cyberattacks, it is critical to the stability and continuity of your practice. Always back up your client and business data using cloud-based storage so you’re not at risk of losing important information. Don’t rely on hardware, as it can crash at any time. You should also have encryption set up on all your devices to ensure the data is not compromised in the transmission and storage process.

9. Train Your Staff

Your firm’s security is only as strong as its weakest link. Train all your staff on the latest cybersecurity best practices and put policies in place to ensure compliance (e.g., requiring employees to use two-factor authentication, use lock screens on any of their mobile devices that contain company data, etc.).

By taking action now, you can save yourself the serious repercussions that come with a data breach or cybercrime. Be proactive in protecting your clients and your firm!
