Imagine this: you’re walking down the street, minding your own business, thinking about the events that took place earlier that day. Maybe it was a court hearing, maybe you met an important client for coffee and lunch, or maybe you were in the office all day ensuring that files were up to date, completions went through on time or something to that effect. As you’re walking down this make-believe street, imagine now that someone bumps into you. This individual looks like a client you know, but something is odd. They don’t say “hi, how are you”; they avoid eye contact, seem to be in a rush and push right past you. You don’t think much of it. You assume they are having a bad day, so you continue on your way.
It’s only when you sit down that you realise that this individual you thought looked like your client took your wallet, your driving licence, your bank card, the small amount of change you had and so on. You were just the victim of a robbery, and you didn’t realise it.
Now, imagine the above, but instead of you walking down the street, you’re on your laptop. Instead of an individual that looked like your client, it was an email from your client, and instead of them stealing your wallet, it was your legitimate client’s money they were stealing. You were the victim of a phishing scam.
Hackings, scams and data thefts are all on the increase, and law firms need to stay up to date with what is hot and what is not in the cyber security world. But keeping up to date is difficult, and for those lawyers that aren’t keen on technology, the subject can be boring and daunting. So instead, here are five key tips to ensure your law firm stays secure and protects against cyber-attacks.
1) Use Strong Passwords
So, this one should be a given, but before any attack can happen, one of two things must happen. The first is that someone within the law firm must give a hacker access to their laptop. This is usually through some form of phishing email. The second is that the attacker must have your laptop. Making sure that passwords are strong and secure will stop most attacks, especially when best practices are followed. The password itself doesn’t need to be a 16-character behemoth, but it does need one upper-case letter, a lower-case letter, a number and a special character, and it must be 8 characters long. This alone will see most attempts at breaching your IT systems fail.
2) Two-Factor Authentication (2FA)
2FA is a fantastic way to ensure your systems are protected. Why? Because the second step in 2FA is usually connected to some form of app which is connected to your phone. What’s also great is that the result from that app is usually a randomly generated 6-digit code. So unless the hacker can get your password and guess the code, they’re going to have a hard time getting in. Most systems now offer 2FA as standard, and it is an under-utilised feature which could mean the difference between your law firm operating normally and your law firm being compromised.
3) Keep software up to date
We all hate coming into the office in a rush, wanting to send something off to a client, the SRA or the Land Registry, and being told as we open our laptops that an update is in progress and we cannot use them until the update is complete. You can sometimes lose 30 minutes waiting for the computer to finish, but it is important that you wait. Software updates are usually pushed because the system provider has found a weak spot in its software: some form of vulnerability that would allow nefarious individuals to take advantage of it and hack into the system. Updates are great for fixing these weak spots, ensuring your data cannot be compromised.
4) Educate staff about phishing
The above three points are technical things you can do to ensure that your systems are safe and your data is protected. But the biggest cause of hacks in businesses, including law firms, isn’t hackers hacking your Wi-Fi or server. It’s colleagues clicking a link in an email that looks safe enough but in fact isn’t. That link usually installs software on the computer which compromises it and allows hackers into the wider IT infrastructure. This is a phishing attack, and how do you stop it? Through education. There is no tech that can stop a person clicking a link they aren’t meant to. Only through suspicion, vigilance and education about these attacks can they be prevented and stopped.
5) Back-Up Data
When data is compromised, sometimes there is no solution other than to wipe your system: scrub it clean so that the hackers are no longer in there. But this has the added effect of also scrubbing out all your data. By backing up data (ideally daily), you protect yourself, because once the system is scrubbed clean you can restore a data back-up from before the point of the hacking. Having one back-up is great, but a general rule of thumb for those able to follow it is the 3-2-1 rule: three copies of your data (production and two back-ups), two different back-up types (external hard drive and server), and one off-site back-up for emergency recovery.
For most, the above five points will be obvious, and that is a good thing. But it’s less about only knowing the above points and more about implementing them to ensure you and your law firm are secure. Remember, cyber attacks are a numbers game. If you’re being targeted by a state-backed hacker group then, regardless of what you do, you will most likely be compromised unless you have the mountain-sized budget to hire cyber security experts and infrastructure technicians. But most hackings aren’t this; most are hackers throwing a wide net of malware in the hope that one firm isn’t doing any of the above, and when one gets caught, they go after it. The above points will help you and your business stay secure because they mean hackers must spend longer and more resources on trying to break in, and the longer they stay, the higher the risk they will get caught and found.