5 Key Cyber security Practices
New York is the first state requiring cybersecurity continuing legal education (CLE) for attorneys. While it's only one credit at the moment, it's a great start. And we do believe other states will quickly follow suit. However, the need for awareness is there, CLE requirement or not. With the broad acceptance and practice of hybrid work locations, it's more important than ever. So whether required or not, it's critical to educate yourself and your firm. Here are 5 key cybersecurity practices.
Use Strong Passwords
We know this is kind of a basic idea here. But it is critical. A strong password contains the following elements:
- Mix of lower and uppercase letters
- At least one special character, like & or *
- At least one number
- Minimum length of 10 characters
Make sure the password is not easily guessed. So using your address - 55WMainSt. - satisfies the requirements, if it is your actual address, it is easily guessed. Make sure the password is random and not identifiable based on your public information. Remember to change your passwords every few months. Do not go longer than 6 months without changing your passwords. That's true for all of your online activity.
Sensitive Data and Public Wifi
We are big fans of having wifi easily accessible wherever we go. But remember, if it is sensitive data, be very wary of public wifi. Scrolling Instagram? No problem. Working on a settlement? Not so much. Using your home network, when it's secure, is best. Make sure your home system is password protected, using the same guidelines as above. Not sure how to reset your password for your home wifi? Call your provider or check out their website.
The key here is to be careful. It's great to be able to work from anywhere. But make sure you are using secure networks. Consider using your mobile phone as a hotspot. Make sure the password is secure. Yeah, we know we keep repeating that but it's key. Contact your mobile phone provider to see if you have hotspot capability. If so and you work on the go, it's well worth the investment.
Check Your Software Providers
If you are using software platforms that are cloud-based, like SimpleLaw, check with the provider on their security features. Some key elements to consider:
- Data encryption, both when moving and at rest
- 24/7 monitoring for cybersecurity threats
- Multifactor authentification
- Session time-out automation
- Proactive third-party testing
- International data security certification
No matter the cloud-based provider, it's good to check on their data security standards. If you have questions, contact your provider. It's in the best interest of all providers to ensure their users are secure. We would be surprised if you found any legal technology provider that is not up to snuff in terms of data security. But it is worth verifying.
Links and Email Attachments
Boy, we cannot emphasize enough that this is a big risk. And it is easily fallen for. If the email doesn't look familiar, do not click on any links or attachments. Even if the email address looks familiar, check on the spelling. This is an often used trick for cyberattacks. An email is sent, seemingly from someone you know, with a slight misspelling that is easily missed.
Email providers provide advanced scanning systems that catch a lot of spam or questionable emails. But if something does sneak through, check it. Look at the url the email is being sent from. Do a Google search on that url. If you aren't sure, take the time to check it.
Don't Share Sensitive Information
Keep your login information private. Do not share logins with others. If you get an email or phone call asking for login information to verify your account or any other excuse, do not provide it. You can proactively call the company or visit their website and chat with them and let them know you received the request.
While there is much more to learn, choosing the right software partners goes a long way to protecting your data. The Federal Trade Commission offers several resources that provide additional insight and training. Check out their resources and familiarize yourself with best practices. And most importantly, put them to work.