How To Defend Your Practice

Battling cyber criminals in the legal profession requires a vigilant mindset.

Ed. note: This is part two of a two-part series focused on how lawyers can better understand and reduce their exposure to the rapidly growing cybersecurity risks that exist in the legal sector.  Part one focused on the landscape of threats posed to lawyers.  Here in part two, we will focus on practical measures that lawyers can take to reduce their threat profile.

Fending off bad actors from corporate firewalls and mobile devices requires a security posture which can withstand sophisticated, global cyber criminals who are intent on stealing your data.  Beyond the layered defense of the IT department, there is much that individual practitioners can do to prevent hackers from getting what they want.

Understand breach exposure.  The first step in making it harder for hackers to get what they want is to be deliberate in your actions and how you protect your accounts.  The adage “knowledge is power” has a huge application here because knowing whether your information is circulating in cyberspace is critical.  There are sites like this one which can show if your data has been exposed and inform the level of care needed to prevent further exposure.  If you learn that you or your organization has been breached, immediately begin changing passwords if you are using the same password on multiple accounts.  The single password access to systems creates a deadly single point of failure.

Better passwords.  If your email addresses, user names, and passwords are exposed in a breach, a hacker can run a brute force attack to gain access or sell your credentials to the highest bidder. Always use strong passwords and change them frequently.  Password managers work as browser plug-ins and autofill credentials into websites and accounts, solving the issue of weak or old passwords.  Password managers can be free or you might decide that it’s worthwhile to invest in a feature-rich product.

Practice secure messaging. The same popular tools you’re using to communicate with friends and family are decidedly not the right ones for messaging clients.  Even with the available privacy and security settings enabled, the lack of control over the messages can prove detrimental when it comes time to establish attorney-client privilege.  Instead, consider messaging tools like Wickr or Signal which provide strong end-to-end encryption and can expire your messages within a timeframe you designate per recipient or communication.

Don’t be compromised by email.  Email addresses can be easily disguised, so look carefully to make sure the sender’s address reflects who they say they are in the subject line and body text, particularly if there is a request to open an attachment or submit information by clicking on a link.  Never open attachments from people you don’t know.  Operating systems like Mac OS X 10.5 Leopard and programs such as Malwarebytes can quarantine potentially unsafe files and later provide validation.  Without such measures, a quick visual scan can ensure the file description for an attachment lines up with what you are opening.
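The sender check described above can also be run over a message's raw headers. The following Python sketch is an added example, not part of the original article; the sample message, the domains, and the `sender_warnings` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name shows a familiar address, but the
# real sender and the Reply-To belong to other domains.
SAMPLE = (
    'From: "billing@lawfirm.example" <notice@lawfirm-billing.test>\n'
    "Reply-To: payments@collector.test\n"
    "Subject: Invoice attached - action required\n"
    "\n"
    "Please open the attached invoice.\n"
)

# Matches an e-mail address and captures its domain.
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw_message, trusted_domains):
    """List reasons the visible sender may not be who it claims to be."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender = domain_of(addr)
    if not sender:
        return ["From header has no parsable address"]
    warnings = []
    # 1. The display name embeds an address from a different domain.
    shown = ADDR_RE.search(display)
    if shown and shown.group(1).lower() != sender:
        warnings.append(f"display name shows {shown.group(1)}, mail is from {sender}")
    # 2. Replies would go to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != sender:
        warnings.append(f"Reply-To domain {domain_of(reply)} differs from {sender}")
    # 3. The sender domain merely resembles a domain you trust.
    for trusted in trusted_domains:
        label = trusted.split(".")[0]
        related = sender == trusted or sender.endswith("." + trusted)
        if not related and label in sender:
            warnings.append(f"{sender} resembles trusted domain {trusted}")
    return warnings

if __name__ == "__main__":
    for w in sender_warnings(SAMPLE, ["lawfirm.example"]):
        print("WARNING:", w)
```

These header checks only flag mismatches a reader could also spot by eye; a message that passes them is not thereby proven genuine.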

Beware of clickbait.  This old tactic of inserting a URL that sends you to a hacking site still works.  You don’t even have to click anything on the site before it starts loading malicious code onto your device.  Pretty soon, the malware has taken control of your files and can even penetrate the operating system and the underlying BIOS.  Clickbait links often have dramatic, sensationalist headlines to lure you into clicking on the link.  So, if the title sounds over the top or too good to be true, it’s probably best to stay away.

Practice safe connectivity.  It’s easy to log on to the free Wi-Fi at your local coffee shop or at the hotel or airport, but what you save in data costs you may ultimately pay back in security. Use a mobile VPN to create a secure tunnel through the public Wi-Fi connection, or tether from your phone’s data to connect your laptop.  If you must use an unprotected public Wi-Fi connection, don’t conduct any financial transactions or engage in privileged or sensitive communications.  Mobile device management (MDM) solutions can ban access to public Wi-Fi connections altogether.

Limit social media.  It should come as no surprise that social media sites are trolling territories for hackers.  Similarly, the reputational damages that can ensue for promoting personal viewpoints that overshare, reflect poorly on your employer, or prove off-putting to a prospective employer are not worth the “likes.”  Given these risks, it’s a smart idea for law firms to define best practices and policies related to safe social media use.  Individual practitioners should be cautious and deliberate when using social media, even when not required to adhere to a given policy.

Take greater precautions while abroad. If you have clients abroad, particularly in Asia or the Middle East, or if you have the travel bug and want to check in or lightly work while abroad, you will need to exercise caution.  In some countries, such as the United Arab Emirates, Russia, China, and Turkey, it’s advisable to bring only “burner” (disposable) devices that contain no data while traveling.  Upon return to the United States, make sure your devices are wiped clean of all data and apps and reset to factory default settings before connecting them to your networks. In countries with a lower threat profile, encrypting all of your data will provide sufficient protection.  At a minimum, always use two-factor authentication and VPN connections when traveling abroad.

Make security a priority, not an afterthought.  Approaching security in a holistic manner by incorporating cutting-edge technology and thoughtful policies and practices takes ample time and investment.  Start with incremental changes that place security at the heart of your everyday interactions with colleagues and clients. By doing so, hackers may find that your data is too hard to get to and look elsewhere for their next target.


Jennifer DeTrani is General Counsel and EVP of Nisos Inc., a technology-enabled cybersecurity firm. She co-founded a secure messaging platform, Wickr Inc., where she served as General Counsel for five years. You can connect with Jennifer on Wickr (dtrain), LinkedIn, or by email at dtrain@nisos.com.
