[BreachExchange] Cybersecurity 101 for Small Law Firm Lawyers

Inga Goddijn inga at riskbasedsecurity.com
Wed Jun 6 23:24:00 EDT 2018


https://www.mycase.com/blog/2018/06/cybersecurity-101-for-small-law-firm-lawyers/

Cybersecurity is an issue of great importance to small firm lawyers. This
is no great surprise, since lawyers have an obligation to preserve the
confidentiality of client information. And as lawyers increasingly move
their data into digital format, that obligation necessarily shifts to the
firm’s data stored online.

Small law firms take many different security precautions in the name of
client confidentiality. But, according to the most recent ABA Legal
Technology Survey Report, the types of security measures used vary greatly
from firm to firm. For example, the most common type of security tool used
by lawyers is email spam filters with 87% of lawyers using it. Next is
anti-spyware at 79%, firewall software at 77%, and pop-up blockers at 75%.

The Report’s data shows that lawyers take other types of security measures
as well, including mandating the use of passwords (71%), scanning
desktop/laptops for viruses(70%), scanning e-mails for viruses (69%),
scanning firm networks for viruses (64%), and using hardware firewalls
(57%).

Of course it’s one thing to track what other lawyers are doing to secure
their firm’s data, but knowing what security steps to take for your firm
can often prove to be challenging. Every law firm is different, and each
presents its own unique security concerns. It’s no easy task to sift
through all your options. So to save you some time, here are some easy
steps you can take today to immediately increase your law firm’s
cybersecurity.

Secure your online browsing

One of the simplest ways to increase security is to secure your online
browsing experience using browser extensions. HTTPS Everywhere – a browser
extension that is a joint project between the Electronic Frontier
Foundation and the Tor Project – does just that. When whitelisted websites
are visited, this add-on automatically rewrites HTTP links to HTTPS,
resulting in a more secure online browsing experience.

Also consider using the AdBlock extension. This multi-browser tool removes
ads (some of which can include code that tracks your browsing history and
raises other privacy concerns) from the websites and social media platforms
that you visit. Not only does AdBlock remove ads from your online
experience, it will also save you lots of time, since you’ll no longer have
to wait for the ads to load on the page.

Secure your online communication

These days, lawyers use electronic communication with their clients more
often than not. For decades now, unencrypted email has been the
communication tool of choice, but that’s beginning to change as more secure
methods of communication are becoming available. This is especially so
since the release of the ABA’s Formal Opinion 477 last year, in which the
Ethics Committee concluded that unencrypted email may not always be
sufficient for client communications. The Committee suggested that for
particularly sensitive matters, lawyers should consider using encrypted
email or online client portals, like those built into law practice
management software.

However, since that opinion was released, encrypted email has been called
into question after European researchers discovered major vulnerabilities
in the PGP email encryption standard most often used to encrypt email.
Fortunately secure client portals weren’t affected and continue to be a
secure and convenient way for small firm lawyers to communicate and
collaborate with their clients. So if you’re not already using them in your
law firm, maybe it’s time to start.

Secure your online accounts

And last, but definitely not least, make sure to secure all of your devices
– including all of your computers, smartphones and tablets – with strong
passwords. The easiest way to do this is to use a password manager such as
Lastpass, which will ensure that all of your smartphones and other devices
are password protected. These tools will store your passwords via encrypted
files – which you can then access from any device. They also automatically
populate sites that you visit with the correct passwords and can also
generate secure passwords for you.

Another important security measure law firms can take is to use two-factor
authentication for your online accounts. It’s an easy and powerful way to
protect your firm’s data because it adds an additional layer of security,
making it that much harder for unauthorized users to access your online
accounts.

So now that you know how to get started with securing your law firm’s data,
what are you waiting for? Download a few browser extensions, choose the
right client portal for your law firm’s communication and collaboration,
and rest easy knowing that you’re already taking key steps to secure your
law firm’s data and protect your confidential client information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180606/4770f19b/attachment.html>


More information about the BreachExchange mailing list