Easy cybersecurity tips for small firm lawyers

For lawyers in 2018, cybersecurity issues are a top concern. For many lawyers, the prospect of securing their firms data is a daunting one; not surprisingly, the security measures that are actually implemented in law firms can vary greatly, with different firms focusing on different aspects of cybersecurity. Even so, according to the 2017 ABA Legal Technology Survey Report, there are a few fairly common steps taken by most law firms. These include mandating the use of passwords (71%), scanning desktop/laptops for viruses(70%), scanning e-mails for viruses (69%), scanning firm networks for viruses (64%), and using hardware firewalls (57%). Other popular methods of addressing security concerns are the use of email spam filters (87%), anti-spyware (79%), firewall software (77%), and pop-up blockers (75%). With so many cybersecurity options available, what steps can you take today to increase your law firm's security? Every law firm is different - and each presents its own unique security concerns - but fortunately, there are a few simple steps you can take right now that will help to secure your law firm's data. ----- Update your law firm's software One of the easiest security measures to take is to regularly update the software programs installed on your firm's servers. Software updates often fix known security issues; if you fail to update your software, you may be unknowingly exposing all of your law firm's data to prying eyes. ----- Store law firm data in the cloud Good news for those of you who use cloud-based software for your law firm: You have one less thing to worry about! This is because your law firm software will be automatically updated by your provider, thus ensuring that it is always up-to-date and secure. Even better, when all of your law firm's data is safely backed up online in the cloud, you're protected from the spate of ransomware attacks that have plagued law firms in recent years (whereby hackers hold data stored on law firm computers or servers hostage) since none of your data is stored on your firm's local devices. ----- Use two-factor authentication Another important security measure to implement is two-factor authentication. When you enable two-factor authentication for your online accounts, it adds an additional layer of security. So whenever you log into your account from an unknown device, a code is texted to your cell phone, which you're then prompted to enter in order to access your account. This simple step makes it that much harder for unauthorized users to access your law firm's confidential data. ----- Secure online browsing Securing your online browsing experience is one more easy way to increase security. For starters, avoid using public WiFi and instead always use a secure data connection. One way to accomplish this is to tether your computer to your phone's data connection. Alternatively, invest in a portable wireless router that acts as a traveling WiFi hotspot - sometimes referred to as a MiFi - and connect to the internet using the hotspot's secure WiFi connection. Also, consider downloading the HTTPS Everywhere browser extension. This free tool is a joint project between the Electronic Frontier Foundation and the Tor Project and automatically rewrites HTTP links to HTTPS when you visit whitelisted sites, resulting in a more secure online browsing experience. ----- Password protect your devices One very important and simple step you can take is to secure all of your devices with strong passwords. The easiest way to do this is to use a password manager such as Lastpass or OnePass. These apps will store all of your passwords via encrypted files, and you'll be able to access the passwords from any device. These apps also automatically populate sites that you visit with the correct passwords and can also generate secure passwords for you. ----- Communicate securely And last, but not least, establish methods for secure, encrypted communication with clients. This is important because last year the ABA Ethics Committee released Formal Opinion 477, concluding that unencrypted email may not always be sufficient for client communications. The Committee suggested that for particularly sensitive matters, lawyers should consider using encrypted email or online client portals, like those built into law practice management software. However, after that opinion was released, encrypted email vulnerabilities were discovered by European researchers who announced that the PGP email encryption standard most often used to encrypt email was not fully secure. Fortunately there's another option to securely communicate with your clients: online client portals. These tools continue to offer a secure and convenient way for small firm lawyers to communicate and collaborate with their clients, so if you're not already using them in your law firm, it may be time to start. There you have it: lots of great ideas and tools you can implement today to get your law firm on the path to increased security. So what are you waiting for? Get to it! ----- Nicole Black is a director at MyCase.com, a cloud-based law practice management platform. She is also of counsel to Fiandach & Fiandach in Rochester and is a GigaOM Pro analyst. She is the author of the ABA book "Cloud Computing for Lawyers," coauthors the ABA book "Social Media for Lawyers: the Next Frontier," and co-authors "Criminal Law in New York," a West-Thomson treatise. She speaks regularly at conferences regarding the intersection of law and technology. She publishes three legal blogs and can be reached at niki@mycase.com. Published: Fri, Jun 22, 2018