October is Cybersecurity Awareness Month! Here are tips to help make sure your data remains secure, your clients remain happy, and you remain ethically compliant.
Believe it or not, as I sat down to write this tip to contribute, I received a spoofed email from a colleague. It looked like it was sent from someone in my organization, but in fact, it was sent from a different email address. As you can see below, there were a number of telltale signs of spoofing. Based on my understanding of it, this was an attempt to get me and other recipients to trust this email address so that it could later fill my inbox with spam advertising, capture my personal information or even impersonate me.
Lesson: Be suspicious of every email you receive.
- Always review email message headers and check email addresses by hovering your mouse over the address. Do the same with links before clicking them. Note that your mobile email interface might make it more difficult to assess the email source so proceed with extra caution accordingly.
- Be wary of any email that expresses urgency.
- Never provide any confidential or personal information when requested to do so via email, particularly if you were not expecting to do so.
Remember, strong passwords are your best protection against any unwanted access to your data. It continues to amaze me that every year the most commonly used passwords remain unchanged and include “123456,” “password,” “qwerty” and “admin.” If you are using one of those passwords, please stop now! Find tips for strong, unique passwords here. You can test the strength of yours at howsecureismypassword.net.
The best way to create unique passwords for each service you use — and to remember those passwords — is with a password manager such as 1Password or LastPass. When you use the same username and password for multiple services, if one service is compromised, then all of your services may be compromised. To check whether a service you’ve used has been compromised, go to Have I Been Pwned? If so, change your passwords associated that username and email.
It’s an unpleasant thought — but you need to recognize that your valued employees are your biggest cybersecurity risk.
“We know this because we regularly see data breaches and ransomware infections caused by click-happy employees. You also have rogue employees determined to use their own devices, go where they want on the Internet, irrespective of firm policies. When we train them, they tell us that they are scared – and you know what? That means we did our job. One of the great fallacies that employees believe is sometimes called “The IT Shepherd” – they simply have faith that the flock (employees) is protected no matter what they do by the shepherd (technology). You need to make them understand that no technological defenses are ironclad.”
Get Security Awareness Training for Law Firm Employees here from Sharon Nelson and John W. Simek of Sensei Enterprises.
We’ve compiled the rest of our Top Digital Data Security Tips here in the second post of a 3-part data security series, which we introduced with an Update on the Massachusetts Data Privacy Laws. Read the full post for more on:
- Two-Factor Authentication
- Computer Updates
- Secured Networks
- Vetting Providers
- Policy and Training
Best Practices for Law Firm Data Security and Client File Privacy can help you find additional steps to avoid risks and meet ethics obligations, right along with these 5 Steps to Minimize Data Breach Risks in Your Law Practice.
And finally, you can find more on the cybersecurity vigilance tips offered by the other experts in the full post on Attorney at Work:
- Practice safe browsing
- Don’t lock yourself our of your own data
- Monitor the Dark Web
- Stop distracted clicking
- Follow proactive prevention steps
- Step up your data security