The recent revelation that one in five law firms was hacked in 2017 should be a wake-up call for all practicing attorneys.
But the alarm should ring loudest for solos and small firms, which are already stretched thin for time and resources, and which may not have the benefit of IT staff.
The ABA 2017 Tech Report found that 22 percent of law firms experienced some sort of cyber attack last year. And those are just the ones that were reported. Who knows how many firms were hit and never knew it?
It should be comforting, then, to know that you can greatly reduce your cyber-risk by taking a few basic steps.
1. The Password Is …
I know, I know. You’re sick of hearing about passwords. You get that it’s a bad idea to write them on a sticky note posted over your desk. And you know better than to use your mother’s maiden name or the word “password.”
And yet a quality password remains your front line of defense against cyber-baddies. If you want to dive deep into this topic, take a look at best practices for passwords as recommended by the National Institute of Standards and Technology.
To save time, you can follow the advice of ABA tech writer Jason Tashea:
“[C]reate a strong password, or longer passphrase where possible, that avoids the maddening nature of passwords with upper-case, special symbols and numbers,” he writes here. “Think of a line from a book or song that is not that popular and easy for you to remember. This is especially important to master passwords to things like that new password manager you got after reading this article. Also, unless you are breached, NIST no longer recommends making periodic changes.”
2. Use a Password Manager
This is the number one recommendation from Mark Bassingwaithe, risk manager at ALPS.
“Password managers are software applications that allow you to conveniently store and manage all of your passwords,” he writes here. “The data is encrypted and can only be accessed after you have entered a master password. Yes, you still need to remember a long, difficult-to-guess master password. But having to remember just one is far easier than 250. The use of a password manager is going to be far more secure than picking weak passwords, not changing passwords and re-using old passwords, which is what so many do by default.”
Tashea also touts password managers: “No longer will you need gimmicks to remember which password had an exclamation point or the capital ‘T’ in it. The manager will handle that for you.
So which password manager should you use? Tashea offers guidance on various products here. And The Center for Information Technology Policy at Princeton has lots of valuable pointers.
3. Two-Factor Authentication
“[This] is a two-step process to signing into an account,” says Tashea. “Instead of merely typing your password and logging in, two-factor will send you an email or text message with a unique passcode to enter before you can access your account. The hope is that if your password is compromised, you have a second line of defense. All major companies have two-factor now, so take advantage of it.”
Want to know if a website uses two-factor authentication? Go to twofactorauth.org and type in the URL to find out.
4. Get Cyber-liability Insurance Coverage
Your malpractice policy likely doesn’t cover losses from a cyber attack. The solution is to get a separate cyber liability policy. The coverage is usually very affordable, and it takes only minutes to apply. In North Carolina, contact Lawyers Insurance to learn more.
Top 10 Game Shows of All Time
Password is number eight on TV Guide’s list of the greatest all-time television shows:
- Wheel Of Fortune
- Family Feud
- Match Game
- The Price is Right
- Who Wants To Be a Millionaire
- The Hollywood Squares
- What’s My Line
- The Newlywed Game
- ABA 2017 TechReport https://www.americanbar.org/groups/law_practice/publications/techreport/2017.html
- ALPS 411 https://blog.alpsnet.com/managing-the-password-headache
- ABA Journal http://www.abajournal.com/lawscribbler/article/5_cybersecurity_steps_you_should_already_be_taking/?icn=sidebar&ici=1
- Two Factor Auth https://twofactorauth.org/
- National Institute of Standards and Technology https://pages.nist.gov/800-63-3/sp800-63b.html#appA
- TV Guide http://www.tvguide.com/news/greatest-game-shows-1066568/