Online Security Basics for the Busy Lawyer

BY Jim Carroll

Online Security Basics for the Busy Lawyer


Every lawyer that has a busy practice has a thousand things to worry about every day of the week. It is easy to let the day-to-day chaos of a law office over-shadow the importance of protecting the data in your servers from both accidental and intentional loss. But there are certain best practices that will make worrying about data breaches less of a concern.

Intentional data breaches happen all the time. A recent study has indicated that approximately 60 separate sensitive and confidential records are stolen and lost every second every day. Further, the world-wide total cost of an average data breach is $3.86 million. This number is a 6.4 percent increase in costs over last year’s average. As intentional data breaches are increasing every year and law firms need to increase their efforts to stop them.

What’s in a password?

So, what are the basics of protecting the confidential information of clients and a law firm’s internal business data?

First and foremost is having a robust password. Google advises its users to follow several best practices. The password should be unique and eight characters or more. The password should be a combination of letters, numbers and characters. Creating a memorable phrase using various numbers and characters that replace letters will allow the password to be easily memorized without having to write it down, which is also not recommended.

For example, instead of using the letter “S,” replace it with the “$” symbol. The same can be done with the letter “E” being replaced with the number “3.” Also, do not use personal information or common words or numbers such a birth dates or addresses that can be easily discovered and used to break a password.

It is recommended that lawyers change passwords often -- at least once every six months but it is even better to change them every three months.

The next major technique used by hackers to sneak into a law firms’ database is something called “phishing” or more specifically called “spear-fishing.” Phishing involves a hacker sending out millions of emails in order to catch an unsuspecting person to trigger the trap and give access to their computer. Spear-fishing uses the same technique but involves a laser focus on one employee. Once that employee opens an infected email or file attachment, then the trap is sprung.

The best way to prevent spear-fishing is to train employees to report any suspicious emails and to not open any file attachments that come from an untrusted source.

A new trend in online security protection is to plan on the inevitable happening and purchasing cyber insurance. Cyber insurance will pay for the cost of a security breach. Further, the insurance company might require certain protections and practices to be implemented before a policy can be issued.

Jim Carroll

Jim Carroll is a contributor for Bigger Law Firm.


A canary generated by OpenAI's Dall-E

What Larry, the Hairy Canary Can Teach Us About ChatGPT’s Ability to Generate Unique Content

OpenAI’s ChatGPT bot has been generating a lot of buzz. But can it generate unique content, over, and over, and over again? To find out, we created a fictional character named Larry, the Hairy Canary and asked ChatGPT to write a poem… and then another poem. And then another. Over the course of our tests…

YouTube Handles for Law Firms

Getting a Handle on YouTube Handles for Lawyers

One of the profound ways social media have shaped all our lives is by making networking and connecting conveniently.

Lawyer focusing on content

How Law Firm Marketing Directors Can Keep Attorneys Focused on Content

Content is an essential part of a successful law firm marketing strategy, and it is important that attorneys respect the necessary time investment.