At our recent Evolve Law event in Austin, the topic of cybersecurity at law firms was raised, as more and more attorneys have to consider the security of the sensitive client information they are charged with. While no security is absolute, LawPay has laid out relatively simple steps that any firm can take to make sure that their security measures are up to par; be sure to give the full articles (linked below) a read for more in-depth advice.
Identify your security assets. The first step in making sure your firm is secure is knowing how your computer network is set up and what you have connected to it. Whether you use wi-fi or a hardwired internet connection, you should create a list of every device that you have connected to it. Similarly, you should note all the software applications used on any of the devices, what sort of information those apps collect, and where the data is stored. Finally, you need to account for all the users and administrators on your network to see who has access to what. Once you have a high-level view of your network infrastructure, it's easier to understand where security threats can come from.
Strengthen your passwords. 12345 may be a great password for your luggage, but it's less than ideal for the devices and apps you need to keep secure. One of the biggest threats to cybersecurity is reusing the same password for multiple sites. While that's understandable given the litany of websites and apps that require passwords, it can also prove dangerous should someone manage to figure the password out, since every account that shares it is then exposed. Using a password manager to wrangle all of your different passwords is a great way to avoid falling into the single password trap. Regardless of whether you use a password manager or not, you want to make sure that your passwords are sufficiently complex that they can't be easily figured out. Another way to increase password security is to enable multi-factor authentication, which involves entering your password along with a secondary input, like a code sent via text or email.
Fortify your network. The convenience of wi-fi can also prove to be one of its biggest security risks, as a wireless network can be more easily breached if the proper precautions aren't taken. Make sure that you've changed both the administrator password for your router and the password for your wi-fi networks, so that each is unique and you control who has access. Keeping your office network private and enforcing password authentication will prevent any unwanted guests from being able to access it. If need be, you can set up a guest network that is separate from your more secure private network. It's also important to ensure the physical security of your router to prevent tampering, so make sure that it's kept in a place where only authorized personnel can get to it.
Protect internal systems. Breaching your computer is a great way for hackers to access your personal information and gain access to the rest of your network. In order to protect your device, you need to be proactive in maintaining its security measures. That means making sure that you are updating your operating system to get the latest fixes for issues that hackers could otherwise exploit. You should also make sure you have anti-virus and anti-malware software on your computer that can automatically detect threats and scan your hard drive regularly. Configuring your firewall can also help to limit the data that is coming into your computer to stop potential threats before they make it to your inbox or browser. Once you have all these measures in place, it's vital to control who is able to make changes to device settings. Users should not have access or rights beyond what they need to do their job.
Secure your sensitive data. Given the types of information that attorneys are privy to, it is paramount that, in addition to network and device security measures, they take steps to keep the data itself secure. Any websites that deal in sensitive information should be using secure communication, which means the address should start with https. You should also be leery of any site that triggers a security warning in your browser, and navigate away from it; when it comes to security, it is better to be overly cautious. Data stored on your computer should be encrypted to prevent anyone who might steal your device from accessing the information on it. And if you're transmitting data for storage, be sure that you're using file encryption when you're sending it. You should also be aware of the security regulations regarding client data in the cloud, as stipulated by the particular industry.
If you want to learn more about cybersecurity, take advantage of LawPay's course on How to Run a Secure Law Firm; it's free and offers CLE credit.