Cybersecurity 101: Best Practices Your Firm Should Implement

Article Placeholder Image
By Jonathan R. Tung, Esq. on October 19, 2015 6:58 AM

Law firms have a lot on their plates to worry about. The most obvious concern is how to stay in business. For example, we recently pointed out the importance of improving intake procedures.

Although it may be easy to dismiss the threat of cybersecurity, don't. The security of the information handled by your firm really should be a top priority. These best practices can help your firm avoid potential security disasters.

Educate Employees About Common "Phishing" Scams

We've all heard of the Nigerian 419 email scam(s). These days, law firms are the targets of similar phishing letters; and the new variety aren't nearly as obvious as the Nigerian ones, either. Large law firms are usually the most common target for security breaches because they typically attract the most monied clients.

FraudWatch International is updated frequently with the latest phishing scams. Keep your employees updated constantly.

Review Third Party Contracts

According to a 2015 Forrester Research Survey of IT security and risk management professionals, organizations are more concerned about third parties inadvertently leaking data than they are about the vendor's ability to do the job as agreed. This means that any time your company signs a contract with a third party involved, the chances are that somebody is more concerned about potential data breaches than the contract itself.

Either make sure third party vendors can be trusted with the data, or find another way deal with 3rd party contracts.

Secure Your Website -- and Your Network

If you're still one of those companies that uses a free Wi-Fi network that allows guests to use it ... let's just say it's time to upgrade. All law firms should be using a Secure Sockets Layer protocol that has been "Heartbleed" proofed.

You'll recall the major security software bug in 2014 that essentially threw the doors wide open to millions of bank accounts and social media accounts. The fix mostly remains on the side of Web companies servers, but a good IT person can patch up your local access point. In fact, every network in your company should be password protected. A good password; not "hi mom."

5. Multi-Factor Authentication

Multi-Factor Authentication has been around a while, but more companies are considering it. In addition to considering it for your firm, you should consider it in your personal life.

The major drawback to MFA or 2FA (Two-Factor Authentication) is its hassle. This security process requires another token that allows only the bearer of that key to access the site. It's possible to employ 2FA in your company; although, at this point, it's still a little maverick for law firms to do this. Also, 2FA also tends to attract snooping because only high level targets tend to employ the practice because of its costs. Also, a key sent to your phone is only as secure as the access password to your phone -- which is pathetically short.

Related Resources: