Online Security Basics for the Busy Lawyer
BY Jim Carroll
Every lawyer that has a busy practice has a thousand things to worry about every day of the week. It is easy to let the day-to-day chaos of a law office over-shadow the importance of protecting the data in your servers from both accidental and intentional loss. But there are certain best practices that will make worrying about data breaches less of a concern.
Intentional data breaches happen all the time. A recent study has indicated that approximately 60 separate sensitive and confidential records are stolen and lost every second every day. Further, the world-wide total cost of an average data breach is $3.86 million. This number is a 6.4 percent increase in costs over last year’s average. As intentional data breaches are increasing every year and law firms need to increase their efforts to stop them.
What’s in a password?
So, what are the basics of protecting the confidential information of clients and a law firm’s internal business data?
First and foremost is having a robust password. Google advises its users to follow several best practices. The password should be unique and eight characters or more. The password should be a combination of letters, numbers and characters. Creating a memorable phrase using various numbers and characters that replace letters will allow the password to be easily memorized without having to write it down, which is also not recommended.
For example, instead of using the letter “S,” replace it with the “$” symbol. The same can be done with the letter “E” being replaced with the number “3.” Also, do not use personal information or common words or numbers such a birth dates or addresses that can be easily discovered and used to break a password.
It is recommended that lawyers change passwords often -- at least once every six months but it is even better to change them every three months.
The next major technique used by hackers to sneak into a law firms’ database is something called “phishing” or more specifically called “spear-fishing.” Phishing involves a hacker sending out millions of emails in order to catch an unsuspecting person to trigger the trap and give access to their computer. Spear-fishing uses the same technique but involves a laser focus on one employee. Once that employee opens an infected email or file attachment, then the trap is sprung.
The best way to prevent spear-fishing is to train employees to report any suspicious emails and to not open any file attachments that come from an untrusted source.
A new trend in online security protection is to plan on the inevitable happening and purchasing cyber insurance. Cyber insurance will pay for the cost of a security breach. Further, the insurance company might require certain protections and practices to be implemented before a policy can be issued.
Over one million WordPress websites have been infected by a malware campaign called Balada Injector since 2017, according to cybersecurity firm GoDaddy’s Sucuri. The attackers behind the campaign use all known and recently discovered vulnerabilities in WordPress themes and plugins to breach sites. They typically play out their attacks in waves once every few weeks,…
As a law firm marketing director, you understand the importance of SEO in driving traffic to your website and generating leads for your firm. However, convincing the partners of your law firm to invest in SEO can be a daunting task, particularly if they do not understand its benefits. Here are some tips on how…
User experience, commonly referred to as UX, is an essential aspect of any marketing strategy, including law firm marketing. It encompasses everything that the user experiences while interacting with a product or service, including ease of use, accessibility, visual appeal, and overall satisfaction. The psychology behind user experience is a fascinating subject, and understanding it…