10 Tips for Securing Your Law Firm

18 May 2021

Law firms hold a great deal of sensitive data, which is why they are one of the major targets of cyber criminals for ransomware. According to the American Bar Association, 26% of law firms have experienced a form of data breach. Of course, you don’t want your firm to be part of that statistic.

How do attacks happen?

We see two main types of attacks on law firms.

1. Ransomware (commonly known as crypto-locker): attackers lock you out of your files and systems and demand payment to get them back.

2. E-Fraud: fraudsters intercept and modify legitimate electronic payments so that the money is redirected to their own accounts, or send scam requests for payment that appear to come from colleagues or clients.

What can you do to secure your law firm?

1. Separate personal and work accounts

Create different accounts for your personal and work use. Don’t use the same password at work and at home. 

2. If you are suspicious of an email or website, don’t open it.

Sending fake emails and setting up fake websites are the basic methods cyber attackers use to trick victims. If you receive a strange and unexpected email, delete or close it. Avoid becoming a victim of domain impersonation.

3. Add an extra layer of security

A username and a password aren’t enough. Two-factor authentication (2FA) adds a second method of identity verification to secure your accounts.

4. Install updates when needed

Yes, you need to install those software updates. Running outdated software is risky because it is prone to security holes. Updates fix bugs and close the security flaws discovered in older versions, which keeps hackers away.

5. Patch antivirus, firewalls, and device encryption

Installing security software is always a good idea. Some products have features that automatically detect malware, viruses, fake websites and the like, which can save you from becoming a victim if you accidentally click a link you shouldn’t.

6. Update strong passwords regularly

Be smart about passwords. A strong password must be at least 20 characters long and include numbers, letters, and various symbols. Changing passwords every 3 to 6 months is ideal. Make sure you don’t use the same password for multiple applications. Applications like Bitwarden or 1Password are secure ways to manage your passwords.

7. Secure your meetings

In some cases, vulnerabilities could have let uninvited people join private meetings. Cyber criminals can join an active meeting by entering its unique Meeting ID, without needing a password or going through the Waiting Room. So always make sure you are in a secure, private meeting.

8. Do not connect to any public network

When you’re using public Wi-Fi, you don’t know who set it up and who else is sharing the network. It may say it is a restaurant Wi-Fi, but it could be just a random guy with a laptop who is trying to steal your sensitive data. Accessing the Internet using a private Wi-Fi connection is safer than using public Wi-Fi. 

9. Continue to raise awareness

Fighting cyber threats is a team effort. Keep up to date with the latest cybersecurity news and run regular security training when embracing a remote-work lifestyle.

10. Be proactive

Have a plan for what to do if a device is lost or stolen.

Ensuring an effective defense against cybercrimes is a priority in every law firm.

As ransomware attacks are becoming more and more common, NZCS creates solutions to protect both your computers and data.

Keep your firm cyber-secure. For any questions you have, we’d be glad to help.
