Online Security Basics for the Busy Lawyer

BY Jim Carroll

Online Security Basics for the Busy Lawyer


Every lawyer that has a busy practice has a thousand things to worry about every day of the week. It is easy to let the day-to-day chaos of a law office over-shadow the importance of protecting the data in your servers from both accidental and intentional loss. But there are certain best practices that will make worrying about data breaches less of a concern.

Intentional data breaches happen all the time. A recent study has indicated that approximately 60 separate sensitive and confidential records are stolen and lost every second every day. Further, the world-wide total cost of an average data breach is $3.86 million. This number is a 6.4 percent increase in costs over last year’s average. As intentional data breaches are increasing every year and law firms need to increase their efforts to stop them.

What’s in a password?

So, what are the basics of protecting the confidential information of clients and a law firm’s internal business data?

First and foremost is having a robust password. Google advises its users to follow several best practices. The password should be unique and eight characters or more. The password should be a combination of letters, numbers and characters. Creating a memorable phrase using various numbers and characters that replace letters will allow the password to be easily memorized without having to write it down, which is also not recommended.

For example, instead of using the letter “S,” replace it with the “$” symbol. The same can be done with the letter “E” being replaced with the number “3.” Also, do not use personal information or common words or numbers such a birth dates or addresses that can be easily discovered and used to break a password.

It is recommended that lawyers change passwords often -- at least once every six months but it is even better to change them every three months.

The next major technique used by hackers to sneak into a law firms’ database is something called “phishing” or more specifically called “spear-fishing.” Phishing involves a hacker sending out millions of emails in order to catch an unsuspecting person to trigger the trap and give access to their computer. Spear-fishing uses the same technique but involves a laser focus on one employee. Once that employee opens an infected email or file attachment, then the trap is sprung.

The best way to prevent spear-fishing is to train employees to report any suspicious emails and to not open any file attachments that come from an untrusted source.

A new trend in online security protection is to plan on the inevitable happening and purchasing cyber insurance. Cyber insurance will pay for the cost of a security breach. Further, the insurance company might require certain protections and practices to be implemented before a policy can be issued.

Jim Carroll

Jim Carroll is a contributor for Bigger Law Firm.


Google Changes the Rules for AI Content

Google has Changed their Mind About AI Generated Content

Their change in terms essentially amounts to, “Yes, you can use AI tools to help create quality content but it had better be good.”

Law Firm Marketing Director

What Makes a Great Law Firm Marketing Director?

In an ever-changing legal landscape, an exceptional Law Firm Marketing Director stays ahead of the curve. They adopt a visionary perspective to navigate through intricate legal landscapes and drive the firm’s marketing initiatives. This involves identifying market trends, predicting client needs, and planning innovative marketing strategies to secure a competitive edge.

Writing press releases for law firms

How Law Firms Can Effectively Use Press Releases

Press releases allow law firms to share their successes, announce new hires or promotions, and position themselves as thought leaders in their respective practice areas. In this article, I will share best practices for writing a great title, writing a great summary, and telling your story in a meaningful way, as well as provide scenarios…