Security for SMART Law Firms

Because Cima’s IT Managed Services works closely with the legal industry, I have decided to write about technology trends and recommendations that law firms should apply. While security is top of mind with all of our clients, we find our law firms to be the most diligent. With law firms, reputation is everything, and a security breach of any kind can cause a major dent in that established reputation. To protect your firm and its long-term reputation, we recommend the SMART approach:

  1. Security Awareness Training:

    As smart as lawyers are, the reality is that the scammer on the other side has the potential to match wits. They don’t need the most tech-savvy person in the law firm to take the bait; they just need one person. To better equip your firm, we suggest an advanced security awareness training program. This training should consist of phishing simulations, courses on IT and security best practices, compliance awareness, and data protection.

  2. Manage your Passwords:

    You may have heard of the “dark web”. User IDs and passwords are trafficked there for cryptocurrency, which allows scammers to retrieve your passwords without it being traced back to them. A quick search at Have I Been Pwned will tell you if your user ID or password is out on the dark web. The best way to combat that is to change your password regularly; we recommend once a month. Because we know there’s nothing more frustrating than forgetting your password, we also recommend a password management tool such as LastPass.

  3. Advanced Threat Protection:

    Microsoft’s Office 365 Business Premium has become the standard for law firms. Even with the security and protection capabilities inherent in the base product, the reality is that cybercriminals are constantly adapting their methods to achieve a breach. That’s why we recommend adding Microsoft’s Advanced Threat Protection to your Office 365 subscription. With Advanced Threat Protection, you protect your mailboxes, files, online storage, and applications against new, sophisticated attacks in real time.

  4. Review your IT Infrastructure:

    We recommend proactively looking at your infrastructure and identifying problem spots before they cause trouble. An annual security audit serves multiple purposes: it gives you the assurance that the systems you have in place are working, and it allows you to address potential “fires” before they occur.

  5. Two Factor Authentication:

    Let’s say you’ve changed your password, but somehow the scammer has figured it out and is trying to log in to your computer, email, or application. This is where Two Factor Authentication (2FA, sometimes called Multi-Factor Authentication or MFA) gets to work. If someone is trying to log in to your application or device, you get a text or a notification in an authentication application alerting you. Here you can deny the request and subsequently change your password. We recommend applying 2FA not only to your business apps and devices, but also to your personal apps (e.g. Facebook, Twitter, iPhone, etc.).
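
For item 2, the sketch below is an added example (not Cima’s or Have I Been Pwned’s own code) of how a password can be checked against breach data without sending the password itself: the Pwned Passwords range lookup receives only the first five hex characters of the password’s SHA-1 hash and returns `SUFFIX:COUNT` lines that are matched locally. The function names, the sample passwords and counts, and the simulated server response are assumptions constructed so the example runs offline.

```python
import hashlib

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def simulated_range_response(prefix, corpus):
    """Constructed stand-in for the service: every known suffix under this prefix."""
    lines = []
    for known_password, count in corpus.items():
        known_prefix, known_suffix = split_hash(known_password)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    lines.append("0" * 35 + ":0")  # constructed padding entry; count 0 is not a hit
    return "\r\n".join(lines)

def breach_count(password, fetch_range):
    """Times the password appears in the breach data; 0 if absent."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # only these 5 characters leave the machine
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

# Constructed sample data: passwords and counts are made up for this example.
SAMPLE_CORPUS = {"password": 1000, "Summer2019!": 42}

def offline_fetch(prefix):
    """Offline replacement for the HTTP request to the range lookup."""
    return simulated_range_response(prefix, SAMPLE_CORPUS)

if __name__ == "__main__":
    for candidate in ("password", "Summer2019!", "a-long-unique-passphrase-7Qz"):
        print(candidate, "->", breach_count(candidate, offline_fetch))
```
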

The plan for my next few blog posts is to discuss the relevancy and necessity of IT in law firms. Stay tuned for more!

