Cybersecurity is more critical now than ever before. Not only are law firms storing more data, but since the pandemic has forced us all to become increasingly mobile, it’s even more of a challenge to keep clients’ sensitive information safe.
So what can you do? It’s important that you educate yourself and your colleagues on cybersecurity to ensure that your law firm’s data is properly protected. (After all, you are only as strong as your weakest link.) Here are eight simple cybersecurity tips that all law firms can follow to make sure nothing gets into the wrong hands:
Tip #1: Make sure all devices are protected with a password or passcode.
One of the most basic rules of cybersecurity is to protect your devices with a password or passcode. This includes both your computers and mobile devices. This way, if your device gets lost or stolen, it will be much harder for anyone to access your sensitive information.
At a minimum, your phones and computers should require a login password or passcode. Additionally, you should set the screen to lock automatically after a certain amount of inactivity. On your phone, this may be a minute or two. There are security settings for computers that will lock your machine once the screensaver turns on, requiring your password to unlock it. We highly suggest doing this.
If possible, try to avoid those Android “drag a pattern with your finger” passcodes. If a malicious actor were to hold your screen up to the light at a certain angle, the path traced over and over again by your finger might be visible.
Tip #2: Use good passwords.
The two most common passwords in America, year in and year out, are “123456” and “password.” Every year they jockey for first and second place. Between those two and a user’s birth or anniversary date, you have a solid shot at guessing someone’s password. This is a cybersecurity nightmare!
We all get nagged about passwords and are familiar with the basic rules: use upper and lowercase characters, numbers, and punctuation. But there are ways you can make a password even stronger: You can have a “base” password that you extend uniquely for each site you visit. For example, perhaps your passwords always start with M@ry4, but for your bank it’s M@ry4Bank! and for your email it’s M@ry4Email!.
Tip #3: Utilize two-factor authentication.
For another layer of protection, two-factor authentication is a great choice (in a couple of years it may be standard and not a choice at all). Here’s how it works:
1. You log into an application via your username and password.
2. You then type in a dynamically generated code that is sent to your smartphone (or a key fob).
With two-factor authentication, a malicious actor would need to have your username, password, and smartphone in order to access your account. It’s like having an extra lock on the door, and is extremely popular on both desktop and mobile applications.
Tip #4: Keep your operating system updated.
The reason Windows, iOS, macOS, and Android are constantly nagging you to update your systems is that they’ve found a vulnerability that bad guys could use to find a way in. As sci-fi as it sounds, these vulnerabilities are often bought and sold on the Dark Web.
For these reasons, it’s absolutely imperative that you update your operating systems as soon as you can. Many of the major ransomware attacks that have been affecting municipalities and other large bureaucracies in recent years are a direct result of those organizations failing to update their systems in time.
And don’t forget your mobile devices! Apple and Android are constantly pumping out security patches through software updates, so make sure that you follow suit when a new version is available for your phone or tablet.
Tip #5: Use a VPN for any online activity.
If you’re using software over the web, you may wish to secure your connection with a virtual private network (VPN). VPNs are at the heart of any good cybersecurity protocol, regardless of what profession you’re in. With a VPN, your information is sent back and forth over an encrypted channel, so if someone were to snoop on your network (via a technique called “packet sniffing”), they wouldn’t be able to read your data.
VPNs ensure the confidentiality of your important information. You can securely access websites and send and receive emails from clients since everything is encrypted. A VPN can also provide you protection from “law enforcement eavesdropping”, granting you complete anonymity on the internet. Some great VPN solutions include encrypt.me, Express VPN, and Strong VPN, which can cover both your computers and mobile devices.
Tip #6: Your personal hotspot is your friend.
At our remote Rocket Aid conference, John Simek, a security expert from Sensei Enterprises, strongly advised against using public WiFi at a coffee shop or a hotel. Instead, he suggests connecting to your phone’s own personal hotspot, which essentially turns your phone into a router for your laptop. This is a great option if you don’t end up using a VPN.
It’s a great idea. Cellular hotspot data transmission is much more secure than public WiFi. You just don’t want other people connecting to your phone, so make sure you password-protect the hotspot (see comments about good passwords above). If you are really paranoid, try naming your phone something like “hacker” so no one nearby thinks it’s a good idea to try to connect to your phone.
NOTE: If you are going to use public WiFi, you must take other precautions: namely, an up-to-date operating system and the use of HTTPS or VPN for sensitive information.
Tip #7: Consider a privacy screen for your mobile devices.
The reality is most digital theft occurs in decidedly unglamorous and mundane ways. It’s not what you see in the movies and is more often than not physical in nature.
When working on sensitive information in public, be just as aware, if not more so, of people looking at your screen (or eavesdropping on your conversations) as of people scanning the WiFi network. Fortunately, you can inexpensively protect yourself from neighbors snooping on you.
Devices known as privacy filters prevent your screens from being viewed by anyone other than the person directly in front of them. There are inexpensive filters available for every kind of computer (both laptop and desktop). You can also purchase privacy filter screen protectors for your mobile devices.
Tip #8: Know how to avoid phishing scams.
“Phishing” is when a perpetrator sends you an email that appears to be a legitimate message from an institution you trust, such as your bank or insurance company. You click a link in the email, go to an imposter site that looks identical to the institution’s site, and hand over your username, password, and other authentication information to a bad actor. Those people now have all your login information for that site. Another danger of phishing attacks: The link can take you to a site that infects your computer with malware.
So how do you prevent this? First, make it a rule to never click on links in emails unless you’re expecting the email. For instance, if your friend texts you and says, “I’m emailing you the funniest cat video!” then, by all means, open the email.
If you are not expecting the email, however, then type the internet address directly into the address bar of the browser instead of clicking on the link. So, if you receive an email from, say, Chase bank, don’t click on the link. Do this instead: Type chase.com into your address bar yourself and log in from there. It’ll only take a few seconds, but it can protect you from hackers looking to steal all of your financial information (or worse).
Cybersecurity doesn’t have to be complicated. Taking just a few steps and utilizing the suggestions above will ensure that you and your clients can sleep well at night.