(This is a summary of an article written for TLOMA Today: 5 Things Your Law Firm Can do Right Now to Improve Cybersecurity)
Cybersecurity has a reputation for being expensive. The belief is that you need to spend a lot of money to be secure. Fortunately, there are 5 things your firm can do right now to improve your cybersecurity posture without breaking the bank.
1. Use a Password Manager
Weak passwords are the number one weakness contributing to security breaches.
A password manager can help avoid the problem of weak passwords. Users tend to create weak passwords or re-use them because they can’t remember a unique password for every system. A password manager works by storing a list of passwords in a secure and encrypted database. Some password managers also have a feature that will create strong passwords and store them for you. By ensuring your team is using a password manager, you ensure that the passwords used in your work environment are unique and less prone to being guessed.
2. Implement Multifactor Authentication (MFA)
The easiest way to explain multifactor authentication is by the phrase “something you know, something you have, and something you are.” A password combined with either a one-time code or a biometric scan is a better way of authenticating a user than a password alone.
The major benefits of implementing multifactor authentication are:
• Reduces password-only risks: even if someone steals your password, they still need the second factor
• Early warning system: you’ll be notified if someone is trying to use your account
• Significantly increases your security by reducing the risk of unauthorized access
• Provides better controls over who can access your data
According to Microsoft, users who implement MFA on their accounts end up blocking 99.9% of attacks. That is the best reason by far to use it!
3. Mandate Cyber Awareness Training for all
Cyber awareness training is a must in today’s connected workforce. Everybody who uses a computer at your firm needs to take cyber awareness training.
The goal of cyber awareness training is to ensure that staff:
• Know what behaviours are expected of them and why, so they can make educated decisions when online
• Adopt a positive attitude towards cyber security, so they can be part of the solution
• Are aware of the cyber risks that are out there and are also aware of the available safeguards within the company
4. Have Endpoint security in place
Endpoints are the devices your users rely on to access your company network and your company data. Some examples of endpoints include desktops, laptops, smartphones, tablets, servers, workstations, and even Internet-of-things (IoT) devices. In many small organizations, a lot of sensitive data is stored directly on the endpoints. That is why it is important to secure the endpoints, as they are frequently compromised by viruses, worms, malware, and ransomware. Additionally, any staff working from home and accessing corporate resources from personal devices also require endpoint protection to protect your firm’s network.
5. Know your data and back up that data regularly
Before you can back up any critical data, you need to know what data you have and where that data is stored. It is important to build good data management practices such as naming and cataloging conventions.
When it comes to backing up your data, one of the best practices to consider is the 3-2-1 methodology. This involves making 3 copies of your data, using 2 types of storage methods, with 1 copy being offsite and offline. You should also encrypt your backups. Remember, local backups are convenient for restoring quickly; however, they are also targeted when ransomware strikes. You should also test your backups periodically to make sure that you can restore your data from them.
Cybersecurity is critical to the health of any law firm. By following the five steps highlighted above, you will not only help protect your data, but also help save money and your reputation. The good news is that these 5 steps are not difficult or expensive to implement. Contact Quick Intelligence to help strengthen your law firm's cybersecurity.