Dave Kinsey
Is Your Firm Really Protecting Client Data?

As computer technology around us continues to advance, so too does the development of opportunities for the bad guys to infect and hack into your systems. The number of stories in the news about cybercrimes is frightening, and law firms could be an easy target.

The FBI Warns Law Firms Of Their Exposure

Bloomberg reported in January that the FBI has warned law firms that criminals see them as back doors to data of their corporate clients. “As financial institutions…become stronger, a hacker can hit a law firm and it’s a much, much easier quarry,” said Mary Galligan, head of the cyber division in the New York City office of the U.S. Federal Bureau of Investigation. Mandiant estimates that 80 major law firms were hacked last year. Hackers can gain access to your firm’s data in several ways, including weak passwords, phishing emails and cloud storage systems.

Six Ways You Can Reduce Your Risk

Have you taken appropriate steps to meet your fiduciary duty in protecting confidential client information? Avoid having to inform your clients that their personal information may have been compromised. Get serious about security now rather than waiting for an incident. Consider implementing the following guidelines to reduce your risk.

1. Implement policy at your firm regarding passwords.

Passwords should be stored using safe, up-to-date systems that store the passwords in encrypted format. Consider policies at your firm that enforce long and complex passwords that are difficult to guess and forbid password sharing. Ensure that your accounts are locked out after a reasonable number of bad login attempts. Avoid setting password reminders that are easy to decipher (as these password reminders are easier for hackers to locate). And of course never write down your password on a sticky note and tape it to your laptop!

2. Take appropriate precautions with tablets and phones.

Tablets and phones that your staff uses for business purposes can also be vehicles for cybercrime, as they are easily stolen. Protect these systems with passwords. Additionally, remote wiping capability exists for systems that have been stolen. This works best and most reliably with the latest devices and software connecting to the most current version of Microsoft Exchange.

3. Be very careful about what you are storing in the cloud.

Hackers, malware, and spyware remain serious issues for cloud environments, so you should review the security and encryption policies of your cloud provider. Be especially careful with password selection and storage for cloud accounts. Ensure that the transfer and storage of files are fully encrypted. The popular service Dropbox provides assurances of encrypted data transfer and storage, yet they continue to receive a lot of bad press regarding security breaches. Be particularly careful about what you are doing with these services.

4. Stay current.

Ensure that your network and computers are regularly patched. Security holes are regularly uncovered and software updates are released to plug those holes. Deploying good, regularly updated anti-virus/malware is also a good logical step and should be part of your security strategy.

5. Employ a network-based security layer.

Web content filtering technology substantially enhances protection by eliminating connections between your network and the most likely malware sources. Known distribution sites for malware can be blocked by sophisticated network devices, effectively preventing malware from reaching your systems. Be sure your subscription is routinely updated. I’ve seen far too many expensive network security devices that are either misconfigured or do not have proper subscriptions, making them virtually worthless.

6. Be aware of malware and ransomware precautions.

Most viruses and spyware are inadvertently installed by system users. Educate your employees on proper precautions:

a. Don’t click on links from emails you don’t recognize.

b. Never provide personal information or pay money in response to phishing emails or ransomware such as Reveton or Citadel.

c. Be aware that even if it appears that your computer is operating normally, malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.

Review Your Firm’s Security Systems Routinely

Security should be a significant consideration in your technology planning and review. Technology changes rapidly, and so what worked a couple of years ago may not be the best system today.
Published by Target Market Media.
This page can be found at http://digitaleditions.walsworthprintgroup.com/article/TECHNOLOGY/1210602/130629/article.html.