LOGICFORCE CEO, Gulam Zade, was tapped to write a monthly legal tech column in Law.com’s Mid-Market Report. October’s column covers cybersecurity practices to implement that will help protect data amidst a rising number of cyberattacks across the legal industry.
There has been a five-fold increase in cyberattacks this year due to the coronavirus pandemic. According to a recent report, the FBI’s Cyber Division now receives as many as 4,000 cyberattack complaints a day. That’s a 400% increase from the number of reports received prior to the coronavirus.
What’s the link between the coronavirus and increased cyberattacks? In the legal industry, the pandemic forced many lawyers to rapidly transition to remote work, which led to a slew of data protection issues. Insufficient remote hardware and software, insecure home networks, increased time spent digitally connected and heightened anxiety surrounding the virus all put private client data at risk. These factors created the perfect storm for cybercriminals to exploit.
As we near 2021, it’s clear that many firms will continue to work remotely in some capacity for the foreseeable future. If this applies to your firm, keep these cybersecurity best practices in mind to secure data and decrease the risk of an attack.
Know how to spot phishing scams
Cybercriminals are well aware that attorneys are still working from home and that sensitive data may not be as secure as it is in the office. At the beginning of the pandemic, the initial spike in phishing scams included fake websites and phishing e-mails appearing to come from the CDC or WHO.
To spot a scam email, first closely check the sender’s name and e-mail address for anything that looks suspicious. Cybercriminals attempt to trick recipients by including the name of a legitimate company, colleague or client in the email address. For example, firstname.lastname@example.org could easily be confused with email@example.com.
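The sender check described above can be automated at the mail gateway. The following is an added example, not part of the original column: it flags From headers whose domain is a near-miss of a trusted domain, or that borrow a trusted name while sending from somewhere else. The allow-list, the domains and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the firm actually corresponds with.
TRUSTED_DOMAINS = {"smith-jones.example", "clientbank.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> list[str]:
    """Return the reasons a From header looks suspicious (empty list: none found)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address"]
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    if domain in trusted:
        return []
    reasons = []
    for good in sorted(trusted):
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= 2:
            # One or two characters swapped, added or dropped.
            reasons.append(f"domain {domain} is a near-miss of {good}")
        elif brand in local.lower() or brand in display.lower().replace(" ", "-"):
            # Trusted name appears in the display name or mailbox, not the domain.
            reasons.append(f"uses the name {brand} but is sent from {domain}")
    return reasons

if __name__ == "__main__":
    for header in ("Pat Lee <pat.lee@smith-jones.example>",
                   "Pat Lee <pat.lee@smith-j0nes.example>",
                   "Smith Jones Billing <billing@freemail.test>"):
        print(header, "->", check_sender(header) or "no findings")
```

An empty result only means neither pattern matched; it does not establish that an unknown sender is legitimate.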
Consider what the email is asking of you. Phishing emails may attempt to trick you into giving away a password or other login credentials, bank information or personal data like your phone number. Never log into password-protected accounts through an e-mail. Only log into an account from its official site. Most organizations, banks, credit card companies and individuals will not ask you for personal information over email.
Don’t click. Delete. If you have received a nefarious email or your suspicion is raised, don’t engage. It’s best to simply delete the email and block the sender.
Update policies and conduct cybersecurity training sessions
The rapid transition to a remote-work model put pressure on law firms to quickly introduce new security protocols. Firms need to establish and continuously reinforce cybersecurity policies and best practices for attorneys working remotely.
Cybersecurity policy reviews and training sessions help identify security holes and can prevent user error. Hacker tactics are always evolving. Cybersecurity training programs heighten awareness of common practices that are used to gain unlawful access to systems. These programs should be mandatory.
Remote work policies should include regulating personal device use for work-related activity, securing virtual private networks, providing virtual IT support and outlining restrictions on use of firm-issued devices.
For those in highly regulated industries, passing client audits may be harder than before. Special consideration must be given to compliance with federal regulations, including HIPAA, since video conferencing has now replaced a significant amount of in-person interaction and mediation.
Secure at-home hardware and software
While working from home, there may be a larger variety of devices connected to Wi-Fi networks, such as gaming consoles or smart home appliances. These devices may put work-related devices at heightened risk of being hacked.
To secure your home or remote office, ensure all accounts and devices have strong passwords, hide your network from view and keep your router software updated.
If discussing sensitive information over the phone or video conference, assume smart home devices are ‘listening’ unless unplugged.
Implement or update Data Loss Prevention Technology
Data loss prevention (DLP) is a technology that scans documents, emails and other types of data leaving law firms for information like social security numbers. DLP blocks the transmission of sensitive data and can also scan data going onto removable media for physical transport.
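The scan-and-block behavior described above, reduced to its core, as an added example that is not part of the original column or any vendor's product: it looks for Social Security number patterns in outbound text, discards values that are never issued to reduce false positives, and returns a block or allow decision with a redacted copy. The function names and the sample message are constructed.

```python
import re

# SSN-shaped token: 3-2-4 digits with matching '-' or ' ' separators, or 9 bare
# digits. The lookarounds stop matches inside longer digit runs.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values that are never issued as SSNs: area 000, 666 or 9xx,
    group 00, serial 0000. ITINs begin with 9 and need their own rule."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan_outbound(text: str) -> dict:
    """Decide whether outbound text may leave, and produce a redacted copy."""
    hits = [m for m in SSN_RE.finditer(text)
            if plausible_ssn(m.group(1), m.group(3), m.group(4))]
    redacted = text
    # Replace from the end so earlier match offsets stay valid.
    for m in reversed(hits):
        redacted = redacted[:m.start()] + "***-**-" + m.group(4) + redacted[m.end():]
    return {"action": "block" if hits else "allow",
            "matches": len(hits),
            "redacted": redacted}

# Constructed sample message, not real client data.
SAMPLE = ("Engagement letter attached. Client SSN: 123-45-6789; spouse 987 65 4321. "
          "Office line 615-555-0123, invoice 000-12-3456.")

if __name__ == "__main__":
    result = scan_outbound(SAMPLE)
    print(result["action"], result["matches"])
    print(result["redacted"])
```

Pattern matching of this kind catches only well-formed numbers in readable text; attachments, images and encrypted archives need content extraction before a scan like this can see them.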
It is important to ensure that DLP technology is kept up to date to meet ABA compliance mandates. Furthermore, as data becomes more complex with the increased adoption of the cloud, the number of locations where data must be protected increases.
Strengthen access limitations with Multi-factor Authentication
Multi-factor Authentication (MFA) is a method of computer access control that requires users to provide authentication methods from at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
In a recent study, we found that most law firms are not using multi-factor authentication to protect important and sensitive documents and resources. Stolen credentials remain one of the most common avenues for security breaches. MFA is a simple and necessary addition to firms’ cybersecurity programs and can combat credential-related breaches.
Cybercriminals have ramped up efforts this year and have yet to slow down. Implement these cybersecurity best practices to protect data and earn and keep clients.
Gulam Zade is the CEO of LOGICFORCE, a legal technology consultancy that serves law firms across the country.
This article was originally published in Law.com’s Mid-Market Report on 10/19/20. Read the original post here: https://www.law.com/mid-market-report/2020/10/19/keeping-your-firm-secure-amidst-increasing-cyberattacks/