All small to medium-sized businesses have security threats, but law firms have very special considerations when it comes to privacy and protecting their network. You have many rules and regulations that dictate how you protect your law firm, from the American Bar Association Cybersecurity Handbook to governmental oversight such as HIPAA laws.
Fortunately, Integris is providing this simple do-it-yourself seven-question quiz so you can evaluate your own practice and see where you stand. Does your law firm pass the test?
#1—Does Your Law Firm Provide Cybersecurity Awareness Training for All Staff?
Alarmingly, in 2020, the ABA reported that about 40 percent of the law firms it surveyed had experienced some kind of security breach, with the highest number at firms above 49 employees. If it hasn’t happened to your firm yet, give it time. Ransomware, phishing attacks and more could be coming for you.
Your staff is your biggest asset, but also your largest cybersecurity threat. Make sure your internal IT department is conducting regular cybersecurity trainings and simulated phishing attacks.
Hanging posters, like this free one from Integris, will remind your employees to keep their eyes open for cybersecurity threats. Teach your employees not to click on links in emails from people they don’t know, find the source of news rather than click on links in social media, and store password information away from where thieves might be likely to see it. When it comes to best practices, a little goes a long way.
#2—Does Your Organization Have Strong Password Requirements?
Do your employees know not to reuse their passwords over multiple sites? Or not to put sticky notes with their passwords on their monitors? Or not to carry around password books that can be stolen with their laptops?
If an employee has done this, and their passwords fall into the wrong hands, a large-scale breach will most likely be the result. Your employee just opened the front door to your systems and invited the hacker in for lunch. The only way to stop this kind of breach is by encouraging your employees to use complex passwords, auto-generated by a password manager application like 1Password. Password managers not only generate a different secure password for each application, they remember the passwords for those apps so the employee isn’t practicing risky behavior like jotting down passwords on sticky notes. These password managers also allow your employees to share access to accounts or files with other team members without giving up the security of their password.
#3—Do You Protect Your Law Firm with Updated Software?
Your network is only as secure as your least protected device. Your security patches may be up to date on most devices and machines, but the one that you forgot will be the weakest link.
One way to track updates is to use a device checklist, like this free one from Integris. This list gives you a record of all devices, who is using each device, what permissions they have, and when updates are due or completed, among other things. Constant updates can be annoying, but employees who delay their updates leave hackers a gap between a patch’s release and its installation, during which the vulnerability is publicly known (often loosely called a “zero-day exploit”). Remember, all it takes is one act of negligence to give hackers an in. Make frequent software updates mandatory in your organization.
#4—Does Your Law Firm Require Multi-factor Authentication and Dual Approval to Access Your Network?
Single sign-on and multi-factor authentication tools like Duo can lock down your personal information and make it significantly harder for bad actors to compromise your accounts and information. A combination of device push notifications, text codes and passwords is a great first step. Teach your employees never to give out passwords or other authentication codes through email, and never to approve a login push they didn’t initiate themselves. Even if a request comes in from the IT department or another trusted source, teach them the importance of calling first to confirm the request is real. Want to learn more about it? Check out our latest blog about what single sign-on logins can do for your cybersecurity. Want to see how you could have the latest login tech—passwordless security? Take a look at our recent blog on the promise of passwordless logins.
#5—Is Your Security Multi-Layered?
The companies with the best protection are not the ones with the best anti-virus product but the ones that have multiple, overlapping forms of security. Unfortunately, many law firms only have one or two out-of-the-box solutions, and stop at that. In fact, a recent report from the American Bar Association showed that only 43% of respondents use file encryption, 39% use email encryption, and only 26% use whole/full disk encryption. Other security tools used by less than 50% of respondents are two-factor authentication (39%), intrusion prevention (29%), intrusion detection (29%), remote device management (28%), device recovery (27%), web filtering (26%), employee monitoring (23%), and biometric login (12%).
Too many law firms feel that high-end cybersecurity is something only major firms can afford. In fact, there are plenty of affordable tools out there designed to work for smaller firms. Perhaps the most important part of your security plan is simply thinking strategically about how your data is stored and retrieved, how users encounter firewalls, and more. With the right IT consulting help, these questions are easy to answer—and important, especially considering the liability a law firm can face when privileged client data gets breached.
#6—Does Your Law Firm Have Disaster Recovery Backup?
What happens in the event of a fire, flood, or ransomware attack? Are there backups? Where are the backups stored? Are they stored in the cloud or offsite? Are they isolated from your production network so that ransomware can’t encrypt them along with everything else, and have you actually tested a restore? How fast can you access and restore files once a disaster happens? Can you even answer these questions? Having a security plan also means thinking strategically about how your information travels over your networks, the web, and between employees and clients.
#7—Is Your Law Firm Partnered with a Reliable Managed Services Provider?
A managed services provider (MSP) like Integris can act as a “buffer” between your legal practice and compliance violations. In short, if you have an agreement with an IT services provider and a breach occurs, the courts will be more lenient on you if you can prove you have taken good-faith measures to protect your law firm, such as hiring an MSP. If you have internal IT staffers, opting for a co-managed services platform is a great choice to make sure your existing IT department is fully able to secure your network, while also ensuring you’re getting the latest security patches and proactive system planning.
Make sure to choose a company like Integris that has experience with protecting legal practices and working with your existing legal software!
Did You Pass?
If you were able to answer each of these questions with a firm “yes,” you are well on your way to having a secure network. If you weren’t, you need an IT audit to help you understand your vulnerabilities and how to bridge the gaps in your IT strategy. Integris offers a comprehensive audit, free of charge and with no obligation, for any legal firm looking to strengthen its network security, functionality, and efficiency. Looking for more information? Take a look at our managed services for law firms. We’d love to help you!
Meanwhile, you can learn how to build a cybersecurity foundation for your law firm by reading our latest free resource, the Step-by-Step Guide for Creating an Effective Cybersecurity Plan. Check it out!