The Best Approach to Cybersecurity: Being Proactive

Does current news related to cybersecurity leave you confused about the steps needed to protect your data? With so many various forms of attack, it is easy to be overwhelmed by the sheer volume of dangers lurking in cyberspace.

With such recognizable brands as Target, PF Chang’s, and eBay in the news for data breaches caused by hacking, it is easy to forget other targets such as law firms. Law firms are targets for hackers because they often have large trust account balances and little technology security.

Hackers guided a law firm receptionist at a Canadian law firm to divulge trust account information over the phone. Through a trojan placed on the receptionist’s computer, the hackers logged her keystrokes while she was on the bank’s website, enabling them to take out the funds covertly over time.

Law firms are making the news for falling victim to extortion attacks. A recent extortion attack known as  Cryptolocker worked by encrypting law firm files and demanding ransom. The threat of a breach is real, though there are steps firms can take to mitigate such damages.

1. Separate non-work computers from the work server. Non-work computers often lack the extra security measures taken by the law firm and a two minute break on a social media site gives a hacker a chance to disrupt your work files. 
2. Require security codes on mobile devices. Ensure that smartphones and mobile devices are password protected. In the case of stolen or lost devices, password protection and possibly an app such as Find my iPhone, can thwart hackers. 
3. Install malware AND antivirus and keep the software up to date. Hacking programs are constantly evolving. Ensure that both malware and antivirus programs you are using update frequently to prevent any holes for a potential hack. Some cyber insurance policies exclude coverage for breaches involving outdated software.
4. Invest in secured mobile technology. For instance, you can use thumb drives with safeguards built in to erase date if lost or stolen.
5. Inform your team. Educate everyone in the office about where the risks are and how to avoid them. Appoint someone to serve as your “cyber czar” and have them stay up to date on threats. Make sure you keep up with breaking news items about the latest cyber threats and share the information with everyone. 

Although cybersecurity risk management seems burdensome, the threat is real. Contact Lawyers Mutual if you have any questions regarding these or other steps you can follow to prevent or to minimize damages from a cyber-breach.

Resources:

• http://www.welivesecurity.com/2014/02/10/american-law-firm-admits-entire-server-of-legal-files-fell-victim-to-cryptolocker/
• http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html
• http://www.usatoday.com/story/news/nation/2014/05/14/ransom-ware-computer-dark-web-criminal/8843633/
• http://www.propertycasualty360.com/2014/04/02/managing-risk-for-bring-your-own-device-companies

Jeanine Soufan is a rising 2L at Campbell Law. She joined Lawyers Mutual as a Summer Associate for the summer of 2014 in conjunction with the North Carolina Bar Association’s Minorities in the Profession program.  In her free time, she hangs out with her family and friends, watches Bollywood, and listens to BBC Radio 1.