The threat of getting hacked is scary, but protection is as easy as 1-2-3.
Well, maybe 1-2-3-4-5.
The National Cyber Security Alliance is touting a five-step program for computer and internet safety.
Why should lawyers care? Because law firms are a prime target for hackers.
“If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly, create attacks on your customers and work their way around the business ecosystem in other nefarious ways,” says the NCSA.
Step 1: Education
Every member of your team – from summer clerk to senior partner – should understand the importance of protecting data and their role in doing so. Ideally, this is put in writing. Unfortunately, surveys indicate three-quarters of small businesses have no cyber-safety policy.
Start today. Call a meeting to discuss Internet security. An educated staff is your best line of defense. Explain how damaging a breach would be. Bring in examples of how cybercrime has hurt other firms. Show how even an innocuous slip-up – logging onto an email account at an unsecured location, for example – could have devastating consequences.
Step 2: Consult Your Insurance Company
Review your policy to see if it insures against cyber losses. Contact your carrier and request a quote on cyber coverage. Or simply ask for more information. Many companies offer cyber education and “best practices” guides.
Step 3: Be Proactive
Start by assessing your situation and examining your risks. What are your vulnerabilities? Who has access to passwords and data? What are the likely threats?
Come up with a plan. You can’t do everything at once. Begin with simple steps like “when in doubt, throw it out” – i.e., instructing employees not to open suspicious links in email, tweets, posts, online ads, messages or attachments even if they know the source.
Plan ahead. Review your cyber-situation every six months or so. Make changes where necessary.
Step 4: Protect Your Supply Chain
“Your network of trusted relationships is actually one of your biggest points of vulnerability,” advises CSC, a global IT leader that works with some of the largest insurance companies in the world. “Consider all the companies you do business with: advertising firms, technology providers, lawyers, accountants, etc. They’re all part of your supply-chain ecosystem. Now consider this ecosystem tier-by-tier, and you’ll see how many ways into your company it presents. Criminals can attack you by first attacking the systems of your tier-two, tier-three and tier-four partners.”
Step 5: Know When and How to Respond to an Incident
You’ve trained your staff. You have a cyber-safety plan in place. You’re protected and ready.
Now comes the dreaded 3 AM call. Your network has been breached. All systems are down. What to do?
The answer is easy if your plan includes an incident response protocol. It tells you what steps to take to contain the damage and minimize risk.
There you have it, a five-step program to cyber-sanity. It’s not such a big deal when you break it down into bite-sized chunks. The important thing is to get going. Begin today.
- National Cyber Security Alliance https://www.staysafeonline.org/business-safe-online/assess-your-risk
- Lawyers Insurance Agency http://www.lawyersinsuranceagency.com/
- CSC http://www.csc.com/insurance/insights/107033-incidents_happen_five_steps_to_insurer_cybersecurity
Jay Reeves a/k/a The Risk Man practiced law in North Carolina and South Carolina. He is a former Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual.