At Above the Law, Joe Patrice calls law firms “the soft underbelly of American cyber security.” And he is right. If you consider the sensitive nature of the information on most lawyers’ computers, plus the proud Luddites making technology decisions at most law firms, this should come as no surprise.
I know plenty of lawyers who can barely set up their email, much less encrypt their hard drives. More than a few law firms continue to fall for lame 419 scams. I wouldn’t be surprised to find a few partners using their CD tray for a cup holder. Compromising the systems of lawyers like this is child’s play for hackers who can remotely. compromise a mobile phone with a single misplaced click.
Lawyers need to get their acts together, and soon. Think of the information you have about your clients, stored on your computers. For starters, you almost certainly have everything necessary to steal all your clients’ identities and empty their financial accounts. If you represent businesses, you may have trade secrets. You definitely have volumes of confidential information that would make excellent extortion ammunition.
If you are your own IT department, there is no way you are up to the challenge of securing your network against determined hackers, but here is a to-do list to get you started. (I am focusing on Windows because there are more, and they are more vulnerable. If you use a Mac, keep your OS updated and turn on the firewall and FileVault.)
- Use better passwords. Passwords, as fragile as they may be, are the key to everything. Use good ones, and turn on two-factor authentication, where available.
- Upgrade to Windows 7 or 8. Windows XP and Vista are outdated, particularly when it comes to security. Get your systems up to date on Windows 7, at a minimum, and make sure it is fully up to date.
- Use Windows Defender. Formerly known as Microsoft Security Essentials, Windows Defender is free, solid security software. It is not foolproof, but it will go a long way to securing your network.
- Turn on your firewall. A firewall prevents unwanted incoming connections. You may need to set up some exceptions for your systems, but it will be worth the extra security.
- Encrypt your mobile hard drives. I have been saying this for years, but it is time. Any data that leaves the office should be encrypted or, in the case of smartphones and tablets, secured as much as possible. In Windows, turn on Bitlocker. In Mac, turn on FileVault. Job done.
There is much more on data security in our archives, but security is important enough that you should hire a professional to secure your systems.