
Right about now, you and the other attorneys in your firm are reading the title of this article and saying, “our cybersecurity doesn’t suck!”

I’m sorry to say, but it probably does. In 2019 alone, there were over 15.3 million records exposed as a result of cybercrime.

In the wake of the “Heartbleed bug,” my last post discussed four steps for law firms to make their data more secure.

In this post, we’re going to be covering the missteps your firm is probably taking when it comes to cybersecurity — and the actions you can take to correct those missteps.

How many of these mistakes are you making?

There’s an important point to remember regarding attorneys and their security. 

Some might not see it as a priority to focus on the inside of their business. Think about security by asking yourself this question: Would you like to make more money? 

Assuming that you don’t have some ideological view against prosperity, I’ll assume the answer is “yes.” Security problems, such as malware, slow down the computers in your office, which, in turn, costs you money. 

Dealing with security breaches, when they occur, costs money because you have to drop what you’re doing and focus on unprofitable administrative tasks. Let’s look at three steps to make a lawyer’s security tighter and increase profitability.

Correcting Three Common Security Mistakes for Law Firms

It’s time to ask yourself three questions. 

Do you use your browser to store passwords? Are you running the most recent operating system for all the computing devices involved with your practice? Is anyone in your office using a mobile device that doesn’t have security software installed? 

If the answer to any of these questions is “yes,” then here’s the welcome mat you’ve put out for people who want your data:

[Image: welcome mat in front of the door to a home]

Let’s make three changes and, in turn, people trying to steal your information will feel like they’ve tried to get into this place:

[Image: chained house]

Step 1: Stop Using Web Browsers to Store Your Passwords

Do you use Google Chrome, Firefox, or other web browsers to store passwords? 

If so, then STOP! Browsers store passwords in plain text. This means they’re not encrypted, and anyone with access to your computer can easily access them. 

Try these steps if you save your passwords in the Chrome browser. Click the menu bar (the three stripes on the upper right-hand side). 

Click settings. In your advanced settings, click “manage saved passwords.” Now click on any of those passwords and click on the little eyeball. 

People love the sync tools in modern browsers (they sync your passwords, bookmarks, etc., between devices). To make matters worse, those passwords are stored in the cloud in plain text, which means if one of those browser makers ever gets hacked, you just gave away every password you’ve stored in your browser.

In my last post, I discussed why attorneys should use a password manager such as LastPass. 

LastPass allows you to sync super-duper hard to break and unique passwords for each site. 

The nice thing, however, is that those passwords are encrypted on the LastPass server. So even if someone hacks into LastPass, they still don’t have access to your passwords; they can only see an encrypted file. 

If you’re storing passwords in your browser, you’re putting them out there for the world to see.

Step 2: Keep Your Operating System Up to Date

Like many businesses, law firms should see it as a priority to update their operating systems regularly. 

Many attorneys used Windows XP for as long as possible because it “did everything they needed it to” and didn’t see a reason to upgrade. 

This is often the case with lawyers using Mac OS X, Android devices, iPhones, etc.

There’s a big problem with this, though. New operating systems don’t just add additional features that the user sees. They also address a host of security problems. 

Here’s an excellent article explaining that, even if an operating system receives security updates from the vendor, it’s still not the most secure option. 

Whatever OS you use, for computing and mobile devices, you should upgrade to the newest version. This also includes making sure you regularly install the “automatic updates” for platforms such as Windows.

One issue with keeping your OS upgraded is Android. While Apple and Microsoft ensure that carriers such as Verizon offer consistent OS updates to users of their mobile options, these same requirements aren’t placed on Android phones. In other words, it’s common for people not to receive OS updates for an Android phone they purchase. 

A way around this is to use either a Nexus phone from Google or one of the “Google Play” editions of your favorite smartphone as these devices all are regularly updated to the most recent version of Android.

Step 3: Stop Using Your Mobile Devices Without Security Software

We all love our smartphones and tablets. Many think that these devices are above hacks and attacks. But the fact of the matter is that’s completely wrong. Microsoft’s Windows doesn’t attract more viruses/malware because something is inherently wrong with it. 

It attracts more problems because more hackers target it due to its large install base and its hold on the corporate market.

As mobile devices continue to proliferate, more and more people will target those devices instead. If you think your mobile devices aren’t going to be security problems much longer, you’re wrong. The best security option, in my opinion, to install on Android and iOS, is an option offered by Lookout.

Bonus Tip: Switch to Linux

For any law firm looking to improve their security, I strongly advise switching your OS to Linux. Check out my guides on Linux and switching operating systems here:

Security issues on the web are increasing at a dramatic pace. 

At the same time, the extent to which you need to move your practice online is also increasing. This creates a significant problem for law firms not employing acceptable security practices. 

Following these three tips is a big step in the right direction.

And another non-security related tip: If you haven’t already, check out my guide on SEO for attorneys here.