Right about now you and the other attorneys in your firm are reading the title to this article and saying “our cyber security doesn’t suck!” It probably does. Cnet has reported that in March, 2014 eighteen percent of U.S. adults reported having personal data stolen online. This is up from eleven percent in July, 2013. In wake of the “Heartbleed bug,” my last post discussed four steps for law firms to make their data more secure. That article involved things you probably aren’t doing in your firm but should be. This discussion will focus on things that lawyers are doing which constitute bad security practices. How many of these mistakes are you making?
There’s an important point to remember regarding attorneys and their security. Many don’t see it as a priority to focus on in their business. Think about security by asking yourself this question – would you like to make more money? Assuming that you don’t have some ideological view against prosperity I’ll assume the answer is “yes.” Security problems, such as malware, slow down the computers in your office which, in turn, cost you money. Dealing with security breaches, when they occur, costs money because you have to drop what you are doing and focus on unprofitable administrative tasks. Let’s look at three steps to make a lawyer’s security badass and increase profitability.
Correcting three common security mistakes at law firms
It’s time ask yourself three questions. Do you use your browser to store passwords? Are you running the most recent operating system for all the computing devices involved with your practice? Is anyone in your office using a mobile device that doesn’t have security software installed? If the answer to any of these questions is “yes,” then here’s the welcome mat you’ve put out for people who want your data:
Let’s make three changes and, in turn, people trying to steal your information will feel like they’ve tried to get into this place:
Attorneys should stop using web browsers to store their passwords
Do you use Google Chrome, Firefox, or other web browsers to store passwords? If so then STOP! Browsers store passwords in plain text. This means they’re not encrypted and anyone with access to your computer can easily access them. Try these steps if you save your passwords in the Chrome browser. Click the menu bar (the three stripes in the upper right hand side). Click settings. In your advanced settings click “manage saved passwords.” Now click on any of those passwords and click “show.” To make matters worse, people love the sync tools in modern browsers (these sync your passwords, bookmarks, etc. between devices). Those passwords are stored in the cloud in plain text which means if one of those browser makers ever gets hacked you just gave away every password you’ve stored in your browser.
In my last post I discussed why attorneys should use a password manager such as LastPass. LastPass allows you to sync super-duper hard to break, and unique, passwords for each site. The nice thing, however, is that those passwords are encrypted on LastPass’ server. So even if someone hacks into LastPass they still don’t have access to your passwords, they can only see an encrypted file. If you’re storing passwords in your browser then you’re putting them out there for the world to see.
Attorneys should improve security by keeping their operating systems up to date
Law firms, like many businesses, don’t see it as a priority to update their operating systems regularly. Many attorneys used Windows XP for as long as possible because it “did everything they needed it to” and didn’t see a reason to upgrade. This is often the case with lawyers using Mac OSX, Android devices, iPhones, etc. There’s a big problem with this. New operating systems don’t just add additional features that the user sees. They also address a host of security problems. Here’s an excellent article on explaining that, even if an operating system is receiving security updates from the vendor, it’s still not the most secure option. Whatever OS you use, for computing and mobile, devices, you should upgrade to the newest version. This also includes making sure you regularly install the “automatic updates” for platforms such as Windows.
One issue with keeping your OS upgraded is Android. While Apple and Microsoft ensure that carriers such as Verizon offer consistent OS updates to users of their mobile options, these same requirements aren’t placed on Android phones. In other words, it’s common for people to not receive OS updates for an Android phone they purchase. A way around this is to use either a Nexus phone from Google or one of the “Google Play” editions of your favorite smartphone as these devices all are regularly updated to the most recent version of Android.
Attorneys should stop using their mobile devices without employing security software
We all love our smartphones and tablets. Many think that these devices are above hacks and attacks however. WRONG! Microsoft’s Windows doesn’t attract more viruses/malware because something is inherently wrong with it. It attracts more problems because more hackers target it due to its large install base and hold in the corporate market. As mobile devices continue to proliferate more and more people will target those devices instead. If you think your mobile devices aren’t going to be security problems much longer than you’re wrong. The best security option, in my opinion, to install on Android and iOS is an option offered by Lookout.
Security issues on the web are increasing at a dramatic pace. At the same time, the extent to which you need to move your practice online is also increasing. This creates a major problem for law firms not employing good security practices. Following these three tips is a big step in the right direction.