October is Cybersecurity awareness month. The cybersecurity month theme for 2020 is “Do Your Part. #BeCyberSmart.” To help promote Cybersecurity Awareness Month among the legal community as we continue to navigate a global pandemic, we put together 3 tips to help you keep your data safe.

Related: What Law Firms Should Know about Phishing and Smishing

Ransomware Protection Is Imperative

Recently, Seyfarth Shaw, an Am Law 100 firm, dealt with a ransomware attack. While no client data was lost, the incident highlights the importance of all law firms having ransomware protection in place. According to an article published by Above The Law, Seyfarth’s practice areas include advising clients on cybersecurity, data privacy, and compliance matters. If law firms that understand the importance of cybersecurity can become the target of such attacks despite being well-aware of and prepared for the possibility of it occurring, imagine what could happen to a much smaller entity.

Cybersecurity is no longer just about protecting your hard drive from a virus that might corrupt it or wipe its contents. Ransomware is an authentic concern for law offices, regardless of their size or practice areas. Besides holding law firm and client data for ransom, there are concerns that law firms may face. Krebs on Security reported that ransomware victims could be fined by the federal government if the money they pay goes to a country penalized by an economic sanction.

Get expert advice. Your ransomware protection needs will vary based on your practice. It is worth the investment in time, finances, and resources to ensure that your firm data and client data are properly protected from ransomware.  

Keep All Software and Operating System Up-to-Date

Two of the key focuses for 2020’s Cybersecurity Month are “If You Connect It, Protect It” and “Securing Devices at Home and at Work.” While many antivirus programs on our computers, cell phones, and tablets automatically update, some don’t. It’s important to make sure that whatever antivirus software you use is up-to-date. You should also make sure that it scans your device on a regular basis. Not all do this unless it is scheduled to do so.

On that same note, it is important to ensure that your operating system is up-to-date. Keeping your operating system up-to-date helps minimize the risk of backdoors and other bugs that could be used to access your system.

Use Cybersecurity Awareness Best Practices

Cybersecurity Awareness Month can seem terrifying. The good news is that by using some cybersecurity best practices, you can secure your law firm devices and personal devices to reduce your risk. Here are some cybersecurity best practices you can adopt.

• Use a secured password. Gone are the days where we could use the same password for every site. Frankly, we never should have done that. A secured password can help all of your accounts. This is particularly important for attorneys since there’s a a good chance you have at least one log-in to a SaaS that stores either sensitive law firm information or client information. Websites such as LastPass can make it easier for you to remember complex secured passwords.
• Use two-factor authentication (2FA) to log-in where possible. A simple example of 2FA is Amazon’s opportunity it gives for the system to text you a special code to finish logging in. Another example is Google Authenticator. You can download the app to your phone. Other apps, including Facebook, allow you to choose Google Authenticator as your 2FA. When you log-in from your app or even on a browser, you must launch Google Authenticator and enter the number shown.
• Understand how to identify phishing attempts. Phishing is an attempt to get information from you via email. It could be an attempt to gain financial credentials, such as credit card or banking information, or log-in credentials. They can look quite convincing.
• Understand smishing and never respond to it. Smishing can be quite concerning because most of us do not easily give out our cell phone numbers. If we get a text stating that we owe money, it could make us think twice. Smishing is the SMS version of phishing. Clicking a link via text or MMS message stating that you owe money could expose your payment information to a thief.
• Don’t inadvertently expose the answers to your security questions online. Many of the online “getting to know you” quizzes that ask about your first job, first pet, favorite teacher, and favorite food do nothing more than act as a way for someone to get the answers to your security questions. Because many people use the same password (and security questions and answers) on every site, these “online quizzes” can result in big problems.
• Use a firewall. The FCC recommends that all small businesses use a firewall to help protect themselves against cyberattacks. If you have employees or contractors working from home, they should be encouraged to use a firewall as well.
• Have a BYOD policy. BYOD is an acronym that means “bring your own device.” Even if your office is virtual and you rely fully on remote employees or contractors, it is important to decide whether it is appropriate for employees or contractors to use their personal devices to work on law firm projects. Of course, this could vary from position to position.
• Back up all data on a regular basis. There are many affordable providers for automatic backing up for both law firm data and personal data. You may opt to manually back up your personal data to OneDrive, Google Drive, or a similar cloud. Keeping a back up is essential.
• Install and use anti-malware software on all devices. Most anti-virus software options also provide anti-malware services. However, you should review the specs of what you use to ensure your devices are properly protected.
• Document your cybersecurity policies. As a law firm, not only as this practical, but it could become necessary as a guide to training new employees or contractors. It can also act as a reference tool for determining your risk as new cybersecurity threats arise.

Cybersecurity Awareness Is More Important Than Ever

With more law firms working from home, cybersecurity awareness is more important than ever. By following cybersecurity best practices, you can better protect your data!