In July, an incredible 42% of people were working from home according to Stanford research, including the majority of lawyers and law firm staff. Without taking necessary precautions, attorneys working remotely can put sensitive client data at risk, especially since most home networks aren’t as secure as those in the office. Coupled with the fact that over 72% of people are more concerned than ever about privacy and cybersecurity, this makes the attorney’s role as the gatekeeper of private client information critical. Attorneys can take these steps to enhance security and protect data that is often targeted by hackers.
Create Strong Passwords
It may sound obvious, but strong passwords remain one of the best ways to protect sensitive information. As the first line of defense against scammers, phishers, hackers, and other unauthorized users attempting to steal information, password strength is key. Consider these factors to create a strong password:
- Length: Optimal passwords are 12-15 characters long.
- Complexity: Include upper and lowercase letters, numbers, and symbols. Avoid using consecutive sequences like ABC or 123, as these are more easily guessed. Also avoid using information such as birthdays, the names of your children or pets, or other personal information that could be found on the internet. A passphrase, a unique phrase that is longer and more complex than a traditional password, is also recommended.
- Variety: Create a different password for each account and system so that in the event of a hack, the other accounts remain secure. Changing your password periodically is often recommended.
Consider using a password manager like the LastPass password manager extension to keep your passwords secure but easily accessible.
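The length, complexity and variety criteria listed above can be checked mechanically before a password is put into use. The following is an added example, not part of the original article; the function names, the three-character sequence threshold and the sample passwords are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # lower bound of the 12-15 character range in the list above
RUN = 3          # assumed threshold: flag 3+ ascending characters (abc, 123)

def has_sequence(password, run=RUN):
    """True if `run` adjacent letters or digits ascend by one, ignoring case."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        if not (window.isalpha() or window.isdigit()):
            continue  # only all-letter or all-digit windows count
        if all(ord(b) - ord(a) == 1 for a, b in zip(window, window[1:])):
            return True
    return False

def check_password(password, personal_terms=(), other_passwords=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    findings += [f"missing {name}" for name, ok in classes.items() if not ok]
    if has_sequence(password):
        findings.append("contains a consecutive sequence")
    lowered = password.lower()
    for term in personal_terms:  # birthdays, names of children or pets, etc.
        if term and term.lower() in lowered:
            findings.append(f"contains personal term '{term}'")
    if password in other_passwords:  # variety: one password per account
        findings.append("reused on another account")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords and personal terms, for illustration only.
    samples = ["Abc123", "Rex2015!Harbor", "Quiet-Maple7-Ledger"]
    for pw in samples:
        print(pw, "->", check_password(pw, personal_terms=["rex", "2015"]) or "ok")
```

The second sample satisfies the length and complexity rules but is still flagged because it is built from a pet name and a year, which is the case the complexity rule alone does not catch.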
Implement Multi-factor Authentication
Multi-factor authentication (MFA) provides an extra layer of security to sensitive files by requiring two pieces of information, often involving a password and a biometric factor like a fingerprint or face scan, to gain access to a system or account. MFA can be added to almost any system, but we recommend adding it to Office 365 as a starting point to protect client information and emails.
Here’s a quick guide to adding MFA to your Office 365 account:
- Go to the Microsoft User Management page.
- Sign in with your work account and select the account(s) you would like to require MFA for.
- Click “enable” at the bottom right-hand corner of the screen.
You will be able to decide whether you’d like to authenticate using a text, email, phone call or app notification. Note that you may only be able to add MFA to your account if you have admin access to Office 365 in your organization. Without admin access to Office 365, you can use a different application to add MFA, like Microsoft Authenticator, Auth, Google Authenticator, or 2FA Authenticator.
Add Role-Based Access Controls
Cybersecurity and privacy measures help keep information away from hackers, but it’s also important to make sure that information is accessible to the appropriate individuals at your firm or organization. Role-based security controls ensure that sensitive information does not fall into unauthorized hands, both internally and externally.
Within Microsoft, you can add role-based access controls by assigning employees to a role that is linked to a specific security level, restricting access to more sensitive information. This can only be done by an administrator. To increase the security of your personal work, make sure that collaborative documents are properly stored and shared. Do not add documents to a firm-wide sharing platform, but rather send them only to those who need the information. When sending a document containing extremely sensitive client information or legal documents via email, consider adding password protection so that a password is required to see the contents of the document.
Back Up Data and Use Anti-Virus Software
If documents are kept in one place, consider backing up to an external server or the cloud. This ensures access to all documents and information you need, even if your primary account gets hacked or your computer is damaged.
Consider using a virus protection scanner. Scanners keep information safe from hackers by searching for malicious code, spyware, and other software that can leave devices vulnerable.
Be Aware of IoT Devices
Many attorneys have multiple Internet of Things (IoT) devices in their homes, including Amazon Alexa, Google Home, Smart TVs, or wearables like an Apple Watch or Fitbit. The best practice is to assume that these devices are listening when on and in range of phone and video calls. If you are discussing sensitive legal or client information, turn off and unplug IoT devices, or speak behind closed doors.
Now is the time to enforce and reinforce prudent security policies. By taking proactive steps to address vulnerabilities, law firms can ensure that they are taking all precautions to prevent cyberattacks. LOGICFORCE provides cybersecurity services specifically for law firms as part of our New Style Legal IT® offering. Please request a call for more information on securing and protecting sensitive data.
Bethany Ford is a Business Analyst Intern at LOGICFORCE.