Law Firm IT Security is now a VERY big deal. If you are a Law Firm, you might not know that you are in the crosshairs of many hackers and nefarious individuals as of late (See Bloomberg, The Law Society Gazette, and American Lawyer).
That is the bad news. The good news is that there are some practical steps you can take to strengthen your security considerably. We have taken the time to share nine of those ideas below, and would be more than happy to sit down over coffee to discuss any particular Technology Security need your Firm might have, so feel free to contact us!
9 Tips to make your Law Firm more Secure
1. Make IT Security a priority.
That you’re reading this article is a good sign. Just because you are not a behemoth law firm doesn’t innately mean that you are safe – many of the firms that get attacked are small firms, not Biglaw behemoths. As Adriana Linares (panelist at the ABA Techshow in 2016) put it, “Eighty percent of law firms have been hacked, and the other twenty percent are either lying or don’t know about it.”
2. Apply your Updates as soon as possible.
Updates are the most important step in securing your computer. They are even more important and useful than anti-virus software (that is according to a Google survey of 2311 Security Experts). Installing updates can be a laborious process, and all updates should be tested before they are put into production. Having a company that is familiar with this process is very important and helpful.
3. Get Anti-Virus AND Anti-Malware Software.
A solid program that helps mitigate the threat of malware and viruses can be a lifesaver – as long as updates are being installed and scans are run at regular intervals.
4. Get a Proper Backup Solution.
You need to have your data backed up to a secure and separate location in the event of a disaster or data loss. Backing up to the cloud is an increasingly popular option, but be careful when selecting a service. Some cloud-based services (such as the widely used Dropbox) simply replicate everything on your desktop to the off-site server; if you have a virus on your laptop, the problem can spread to your backup files. The better solution is to use a service that backs up both on-site and securely off-site. One great example would be Carbonite (you can read about some of the unique advantages of Carbonite here).
5. Use two-factor authentication.
Two-factor authentication is an increasingly popular and effective way to protect the security of online accounts — so start using it.
It can be more cumbersome than simply entering a single password, but the exponential increase in security is well worth it.
6. Use a password manager.
Speaking of passwords, there are solutions out there for handling your plethora of passwords. We recommend LastPass. It stores all data in encrypted form – meaning that even if the data gets into the hands of hackers, it is all encrypted and effectively useless.
7. Look into encryption to protect the privacy and confidentiality of your (and your clients’) data.
Chris Soghoian and Ben Wizner of the ACLU spoke about how having NSA whistleblower Edward Snowden as a client forced them to up their game on the encryption front. Because of his high profile and the attention focused on him by multiple international intelligence agencies, Snowden insists on encrypted communications. But you don’t need to have a client like Snowden to benefit from the security and privacy that encryption can afford.
For a while, PGP was the leading encryption technology (and you’ll still see many journalist and techie bios on Twitter with PGP key information; see, e.g., former ATL editor Kashmir Hill). But because it’s cumbersome, PGP is losing market share to other encryption technologies, according to Soghoian (who revealed that he’s currently on a PGP hiatus).
For example, Marcia Hofmann uses Signal from Open Whisper Systems, a free and open-source app that allows for encrypted voice calling and instant messaging. It’s easy to download and to learn how to use.
If you’re too lazy for that but at least own an iPhone, you can actually use FaceTime for your phone calls and iMessage for your messages to other iPhone users, as Soghoian pointed out. Both FaceTime and iMessage offer so-called end-to-end encryption — which means, in a nutshell, that neither the government nor hackers can intercept your communications midstream and read them.
8. Educate your co-workers about cybersecurity.
You might know about cybersecurity and take all the right steps, but all it takes is one weak link in your organization to throw your computer system into chaos. Linares shared the story of how one Florida firm got hacked after a secretary clicked on an email attachment that was labeled “résumé for your review” but was actually malware. (One simple step is to hover over links to check their validity.)
9. Don’t let the perfect be the enemy of the good.
You can never be 100 percent secure. The best you can do is to try to protect yourself against major or obvious threats, and continue to be a student of the technology you use.
A good starting point: an assessment of your computer systems to figure out what your potential issues and biggest risk points are. This is what a number of law firms are now doing in the wake of the hacking reported last week, often with the help of outside consultants or technology firms.
We are performing free network scans and audits for law firms.