October is Cybersecurity Awareness month. Throughout the month, the nation’s cyber defense agency, Cybersecurity and Infrastructure Security Agency (CISA), will encourage everyone to take action to stay safe online, including business owners, by raising awareness about how to combat constant and ever-increasing online threats.
Although significant security breaches are usually the ones in the news, law firms of all sizes still have to concern themselves with security, as they may often be the target of viruses and phishing attempts as hackers try to access, change, or destroy sensitive client information, attempting to interrupt normal business processes and often to extort money.
Types of Threats
- Malware: malicious software that can be used to harm a computer user, such as worms, viruses, Trojan horses, and spyware.
- Ransomware: a type of malware that locks computer system files via encryption. Hackers then demand payment to decrypt and unlock them.
- Phishing: fraudulent emails, mimicking emails from reputable sources, which instead steal sensitive data, such as credit card information or login credentials.
Keep Your Systems Secure
Your law firm should be implementing cybersecurity best practices in order to limit risk and protect IT assets from attackers with malicious intent. Security should be implemented in three basic areas:
- Devices like computers, smart devices, and routers
- Internal networks
- Cloud-based data
Common technology used to protect these entities include firewalls, malware protection, antivirus software, and email security.
While you may have implemented comprehensive, effective, and likely expensive security tools, often the weakest links are the people using those tools. Here are some cybersecurity tips to keep in mind:
- Practice good password management. Use a strong mix of characters and don’t use the same password for multiple sites. Consider using a password management system, such as Last Pass. Use of such a system means you only have to remember one password. It also allows you to easily grant or revoke access for your staff to various accounts, without having to share actual passwords.
- Be sure you’re familiar with the sender before opening attachments or clicking on links in the email. If an email is unexpected or suspicious for any reason, don’t click on it. Spelling and grammar errors are often a red flag for hacking attempts.
- Only allow access to sensitive data from office computers or other known devices. Using a public computer or free Wi-Fi at a coffee shop puts you at risk of your data being copied or stolen.
- Keep your website safe! Be sure that whoever maintains your website continuously keeps all of your plugins, themes, and coding updated to avoid any hacking attempts. And remember to back up your data regularly.
- Make sure your antivirus software is always turned on and up to date.
- Malware can be spread through infected flash drives, external hard drives, and even smartphones, so be cautious when plugging devices into your computer.
Cybersecurity helps prevent data breaches and ransomware attacks. When a law firm has a strong sense of network security, it is better able to prevent and mitigate cyberattacks. If you haven’t given any recent thought to how secure your law firm network and website is, now’s the time to contact your IT company to verify that your cybersecurity measures are up to date.
Rita Chaires
Director, Web and Online Marketing Services
American Academy of Estate Planning Attorneys, Inc.
9444 Balboa Avenue, Suite 300
San Diego, California 92123
Phone: (858) 453-2128
www.aaepa.com
- Social Media Marketing for Lawyers: A Comprehensive Guide - September 7, 2023
- The Power of Keyword Research for Law Firms: Unlocking Online Success - August 3, 2023
- How to Measure the Success of Your Online Marketing Campaigns - July 6, 2023