Skip to content

The Biggest Security Threat To Your Firm

by SimpleLaw on

Data security is of ever-growing importance. Especially now, one year in to COVID and the transfer of life from in-person to online. And let's face it. It's not likely to go back to what it used to be, 100%. One of the silver linings of the COVID experience is the push, some would say shove, to those who hadn't yet adopted cloud-based technology to do so. From e-Signature (the #1 most needed tech according to attorneys in 2020) to virtual meetings (like Zoom or Teams), adoption has jumped for specific task-oriented needs. The lag is still seen in the adoption of case management software.  However, as firms adopt individual solutions, it leads to great overall interest and adoption. 

With all this data online, the need to focus on security is higher than ever. The truth of the matter is one of the biggest threats to your law firm is, well, you. 

Security Updates

You know those updates that your browser wants you to process? The App updates you put to the side to do later? Well, it's time to stop putting those off. Those updates more often than not include security patches for known risks. We know it can be a hassle to take the time out of working to get those updates installed and activated. But truly, there is very little more important than that. 

Be sure you have notifications or auto-updates on for your apps, browser, and software you use. When you get that notification, install those updates as soon as possible. While it's true that these patches only address known risks and issues, if your data hasn't yet been compromised by that risk, it's protected. You control the implementation of these patches and therefore the protection of your data.

Human Error 

This is a big catch all. We'll take these one at a time.

Phishing

Not everything is as it appears. Phishing is an email or these days, a text (called smishing for SMS messages) that is misleading and triggers some malware or activates data access to the sender. If you don't know the sender, be cautious about clicking on anything.

Look at the sender email address. Our eyes have a tendency to 'fill in the gaps' and make things look right even if they are wrong. For example, an email address could be 'Hello@SimmpleLaw.com' which clearly is not spelled correctly, but how closely are you looking at that sender email address? Another tool is to mask the email address. So it may read 'Hello@SimpleLaw.com' but that is a masked address for some other address. To put it succinctly, be careful about your email and text interaction. Now, don't get us wrong. Email and text is on the rise for good reason - and enjoying higher open rates, too. All that is critical now more than ever to keep in touch and leverage the full power of the tech you choose to adopt. But you can still check out the information. Just copy/paste the link in to a new browser tab. See what shows up. Then if it's legit, click away. If the link looks suspicious, well, don't proceed. Same is true for text messages, too.

Wrong Email or Person

Data leaks don't have to be big. The simple act of sending information to someone can be tricky. Especially with the amount of time we are all spending communicating online. Check that email address... is it the right one? To the right person? If you are attaching anything, be sure to preview the send so you verify that the correct attachment is showing up. You'd be surprised how often this happens. Or maybe you wouldn't be surprised. Luckily, this generally doesn't cause a big data breach, depending on who and what you sent. But it's an easy one to address. Just verify before you hit that send button.

Simple Passwords and Sharing

You have been told this from day one. Don't share passwords and make sure the ones you create are complex. Many sites these days require specific lengths and characters, which helps. But the real game changer are the system generated ones... 20 random characters and impossible to memorize. But that's the point. To simplify the process, check out LastPass or DashLane or other password vaults. 

And remember, don't share passwords. Seriously.

Be sure to change your passwords from time to time, too. I recommend every 6 months at minimum. For those places where you store highly sensitive data, I recommend resetting it monthly. Staying one step ahead is the goal here. 

Malware 

Ok, this one can't be controlled by you. Malware, or some piece of code or software that has, unbeknownst to you, been installed on your device, causes either minor or major havoc. But in any case, it creates a data breach. The issue with malware is you likely don't even know you have it on your computer.

There are scanning tools you can use to check for known malware. One is MalwareBytes. There are many others out there, too. But to get the benefits, you have to use them. And by taking a proactive stance, at a minimum, you minimize the impact of the malware damage.

Hardware Security

A family friend went to work at a coffee shop, prior to COVID. Their phone and laptop was on the table when they got up quickly to grab a napkin, literally 3 feet away from their table. When they returned to the table, their phone was gone. Someone was just lurking around the coffee shop, waiting for the opportunity. It happens.

The loss of an actual piece of hardware - laptop, tablet, or phone - is another data breach source. True it doesn't happen as often as any of the above. But it certainly makes password security and complexity even more critical. 

You can't control all of the data security threats out there. But there are several important steps you can take to limit your risk. Take control of the things you can to protect your law firm, your clients, and your data. We always recommend checking in with your local Bar Association for their recommendations. Or check with your fellow attorneys. The key here is none of these recommendations require a lot of time. Just some attention and thoughtfulness. And trust us, you'll rest easier, too.