Every lawyer that has a busy practice has a thousand things to worry about every day of the week. It is easy to let the day-to-day chaos of a law office over-shadow the importance of protecting the data in your servers from both accidental and intentional loss. But there are certain best practices that will make worrying about data breaches less of a concern.
Intentional data breaches happen all the time. A recent study has indicated that approximately 60 separate sensitive and confidential records are stolen and lost every second every day. Further, the world-wide total cost of an average data breach is $3.86 million. This number is a 6.4 percent increase in costs over last year’s average. As intentional data breaches are increasing every year and law firms need to increase their efforts to stop them.
What’s in a password?
So, what are the basics of protecting the confidential information of clients and a law firm’s internal business data?
First and foremost is having a robust password. Google advises its users to follow several best practices. The password should be unique and eight characters or more. The password should be a combination of letters, numbers and characters. Creating a memorable phrase using various numbers and characters that replace letters will allow the password to be easily memorized without having to write it down, which is also not recommended.
For example, instead of using the letter “S,” replace it with the “$” symbol. The same can be done with the letter “E” being replaced with the number “3.” Also, do not use personal information or common words or numbers such a birth dates or addresses that can be easily discovered and used to break a password.
It is recommended that lawyers change passwords often -- at least once every six months but it is even better to change them every three months.
The next major technique used by hackers to sneak into a law firms’ database is something called “phishing” or more specifically called “spear-fishing.” Phishing involves a hacker sending out millions of emails in order to catch an unsuspecting person to trigger the trap and give access to their computer. Spear-fishing uses the same technique but involves a laser focus on one employee. Once that employee opens an infected email or file attachment, then the trap is sprung.
The best way to prevent spear-fishing is to train employees to report any suspicious emails and to not open any file attachments that come from an untrusted source.
A new trend in online security protection is to plan on the inevitable happening and purchasing cyber insurance. Cyber insurance will pay for the cost of a security breach. Further, the insurance company might require certain protections and practices to be implemented before a policy can be issued.