Cyber-terrorism, electronic privacy invasion, code breaking, network attack, black hats, criminal hacking. Call it what you will, computer crime is as varied as it is common. Whether it be naked photos of Jennifer Lawrence, or the personal and financial records of your firm and clients being unlawfully accessed; “getting hacked” can have potentially devastating ramifications.
Hacking is an attack on the privacy of an individual or an entity. According to one study carried out by McAfee, the worldwide financial cost of cyber crime is estimated to be $445 billion each year. (http://en.wikipedia.org/wiki/Computer_crime).
If reputable companies such as Linkedin and eHarmony can be compromised (in June 2012 they were attacked with 1.5 million user passwords being posted online) what steps should be taken to protect the privacy of your Law Firm and clients?
Get Your Data Encrypted
Data Encryption involves translating data into a private code. Hackers will often target long-held client or employee information (“resting data”) such as credit card details, bank routing numbers or social security numbers. (http://www.entrepreneur.com/article/225468) This is the type of data that you should consider encryption for.
A privacy breach of these type of details could be catastrophic for any firm, large or small, no doubt sending panicked clients taking their business elsewhere. Check out this information article on Forbes for advice to business owners regarding data encryption. (http://www.forbes.com/sites/drewhendricks/2014/09/30/how-to-encrypt-your-business-data-for-optimal-security/)
Set Guidelines for Company Passwords
According to SplashData the top three passwords for 2013 were unchanged from the year before. “123456”, “password” and “12345678” remained the most popular choices, illustrating how vulnerable poor password choice can leave a firm. (http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/). It is important to set company policy to ensure that partners and employees use lengthy and randomized passwords as a deterrent to hack attacks.
Avoid Public Networks
As tempting as it may be to take your laptop down to your favorite cafe or local McDonalds for a change of environment, this should ideally be avoided when working with sensitive information. Even if you are not using a public computer as such, your personal laptop or smart-phone becomes more exposed to attack when in a public WiFi area.
If use of public networks is unavoidable however consider tips from Microsoft such as checking the security level of the network and disabling the WiFi connection when you are on your computer but not actually using the internet for that moment. For more information refer to (http://www.microsoft.com/security/online-privacy/public-wireless.aspx)
Forewarned is forearmed. Investing the time to research common techniques and tactics of cyber criminals could go a long way to avoiding security breaches. Circulating an “Online Security Tips” memo to increase staff awareness would be well advised. Take the time to read those emails from your bank and other financial institutions to learn of hoaxes and threats that they have uncovered. This might be all it takes to avoid falling victem yourself.
Get Advised of Current Threats
If your firm is large enough to employ an IT company make sure they keep you well advised regarding recent hoaxes and current security threats. If you can afford an IT specialist it is likely money well spent. If the budget does not allow this however, perhaps nominate somebody within the company to take on this role.
It would be the responsibility of the nominated staff member to keep up-to-date on current cyber-security issues. Checking in to the USA Official website of the Department of Homeland Security (see link) as a part of your morning routine would be a good place to start (https://www.us-cert.gov/ncas).
Diligence and good corporate policies will go a long way when it comes to protecting the integrity of your firms digital assets. Nobody wants to deal with the fallout that would follow a cyber security breach. Better to build those walls before an attack than to wait until the damage has already been done.