Cybersecurity attacks are becoming more sophisticated and rampant, so it is vital for law firms to take necessary precautions. But cybersecurity is not just a management or IT issue. In fact, everyone at your firm who has a computer needs to play a role to ensure your firm’s systems and data remain secure.
Security is not something that you “do” one time, and then your firm is secure. It is an ongoing process that needs attention, management, and adjustments. Here are 5 things that everyone at your firm should know.
Know About Common Breaches
It is important to know what traps to look for. Phishing attacks occurs when a cybercriminal casts a broad net in the hopes of catching a small percentage of unsuspecting victims. While a phishing email looks real at first glance, it typically brings the victim to a site that asks for personal information, such as a password, financial information, or other Personal Identifiable Information (PII), like your email, SSN, or birthdate. A more specific type of phishing is spear phishing, which involves impersonating actual people associated with your firm, like your Managing Partner, in an attempt to steal money or proprietary information. If you do not know the sender, it is best to delete the email.
Hover, Don’t Click on Links and Never Open Attachments from Unknown Sources
Do not click on links or open attachments if you are not sure who the sender is or what the destination is. Instead, use your mouse to hover over any links in the email to see the full destination URL. If you do not recognize a trusted website destination, do not click through.
Know What Websites You’re Visiting
In addition to never clicking on an unknown website, never visit a website that is not secure. When browsing the internet, the URL should have HTTPS, versus just HTTP. The difference is that HTTPS adds an extra layer of protection by using encryption so that data cannot be intercepted by third parties.
Strong Passwords and Multi-Factor Authentication
It may seem obvious but having effective password protection is crucial. Passwords are the initial barriers for many accounts, yet many people fall short on this basic security measure. Firms should develop a strict password policy to ensure every user’s password is complex and comprised of both capital and lowercase letters, numbers, and symbols. Passwords should never be recycled and must be changed on a regular basis. In addition, all firms should enforce the use of multi-factor authentication (MFA) for all users, without exception. MFA adds an extra layer by requiring users to confirm a second method of authentication, such as answering a question or inputting a token or code sent via text, email, or an authentication app.
Only Connect Using Secure Wi-Fi
In today’s “work from anywhere world,” lawyers and staff may be logging in from the office, home, or on the go. Working on a public Wi-Fi network is risky and makes the user and your data more vulnerable to being intercepted.
Even with all of the best security measures in place, nothing is perfect. Having a policy in place so users know what to do in case they suspect a threat is vital to your firm’s security. For more information and best practices on how to protect your firm from a cyberattack, contact Tabush Group.