Of all the cybersecurity challenges pervading businesses today, perhaps the most troubling and damaging are phishing scams. Hackers are actively turning your own employees against you in unexpected ways — ways that might not even register as a scam to your staff members. The days of phishing emails being relatively easy to spot with poor spelling, entreaties to help overseas princes regain their title and other far-fetched scenarios are over, and today’s cybercriminals are getting craftier by the minute. With a simple click by someone from within your law office, hackers are often able to obtain credentials and access internal information as though they were an authorized staff member. This frightening scenario is happening in law offices of all sizes, not just the largest firms in the country. These suggestions will help you reduce the risk to your law office and protect your digital information assets.
Plan Ongoing Intrusion Training and Tests
One of the best ways to help staff members see how realistic intrusions can be is to engage in an ongoing strategy of testing. This could include everything from quarterly reviews of payment and data access procedures with key staff members to regular phishing email tests that go to all staff members. Seeing how easily people do or do not click on a test attack can provide valuable information that can be leveraged in ongoing training classes.
Protect Access with VPNs
The American Bar Association rules of professional conduct, ABA Model Rule 1.6(e) specifically, require that lawyers “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client”. This single requirement becomes more difficult to meet over time as hackers discover new ways to reach the sensitive information stored by your law office. VPN (Virtual Private Network) access gives individuals working remotely an encrypted tunnel to the office network, so they can access information securely without that data traveling over the open web in readable form.
Verify, Verify, Verify
Maintaining a high level of security means more than simply adding firewalls and securing your data access points. It also requires reinforcing critical procedures such as payment methods and multi-factor authentication. Verifying that individuals are who they say they are should involve more than one verification method, such as biometric data or cell phone authorizations. Staff members should be coached that any unusual requests that arrive via email should be confirmed by a secondary method of communication, such as a personal phone call, in-person conversation or text message. This is particularly true of any requests for personal or private information that come via email, as email addresses can be easily masked so they appear to come from trusted or internal sources.
Managing your law firm’s network infrastructure and security doesn’t have to be complicated. The experts at UTG provide co-managed technology solutions that supplement the knowledge of your internal teams with expertise and hands-on support when and how you need it. See how our revolutionary model can help improve security and boost efficiency when you contact us for a free initial consultation by calling 855-841-5888 or emailing firstname.lastname@example.org.