Cyber hygiene has never been more important than it is now, with law offices operating remotely and relying on email, Zoom meetings, cloud computing and the Internet to keep the work flowing.
Making matters worse, many law firm employees are unaccustomed to working from home and untrained in best practices for cybersecurity.
All of which has cyber criminals licking their chops.
“Hackers love exploiting weakness and they know the entire world is distracted,” says a data security lawyer in this article for Law.com.
That’s why it’s a good idea to bookmark this website for the Cyber Readiness Institute and download this checklist on safe remote-work practices.
Protect yourself in these uncertain times with Alta Pro Insurance. When you have professional liability coverage with Alta Pro, you get access to cutting-edge practice management resources like the Pro Practice Playbook, Reminger ProLink, and Ask the Risk Pro. Here’s how to start enjoying your benefits.
Securing a Remote Workforce
Here are pointers from the Cyber Readiness Institute:
Passwords. (a) Ensure that the home router password is not easily guessed and does not include your address or personal names. (b) Enable multi-factor authentication (password + one other requirement such as a text message) whenever possible, including access to critical data in cloud applications used for data and document sharing.
Patches. (a) Operating system security patches must be up-to-date. (b) Require employees to have their operating systems set to automatically update. (c) Remind employees — weekly — to accept all relevant security patches.
Phishing. (a) Always “mouse” over the email sender’s name to determine the sender’s true origin to ensure the sender’s name is not fraudulent. (b) Most individual ransomware emails are fake. If you can, ensure that you have the emails verified by a security professional before responding. (c) Every company should identify a point of contact within the company whom every employee should contact when he/she receives a phishing email or individual ransomware. This awareness and communication will inform employees of current tactics of malicious actors.
Social distancing online. (a) Limit the amount of personal data that you are sharing on social media to reduce your threat landscape. (b) Share all data via online secure cloud applications. USB memory sticks should not be used to share data as they can spread malware.
Here are some other pointers – both for you and your clients – from from MP McQueen and Law.com:
1. Make sure your organization’s information technology department has support.
2. Make sure there is enough equipment for remote workers, and that it is properly configured with security software to ensure that data accessed on it remains secure.
3. Work with security experts to establish, or reinforce, policies around the use of company equipment and network access.
4. Consider that in some instances, it may be better to have some nonessential personnel take leave rather than work remotely.
5. Warn all employees about the heightened risk of phishing, malware and other cyber threats connected to the COVID-19 outbreak.
6. In cooperation with chief information security officers and chief security officers, review contracts with vendors, clients and customers with respect to cybersecurity.
7. Print out a list of internal and external emergency contacts and have them ready in case of a data breach or another emergency.
A final takeaway: purchase a cyber liability insurance policy. Get more info here.
If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay a step ahead of the competition by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.