Do you know your ABCs? Not the ones you learned in grade school, but the ones surrounding cybersecurity that can protect your practice. Ready to relearn them? Let’s begin!
Always read, learn, and understand what is required of you in your cybersecurity insurance policy. Many lawyers today still do not read the fine print when it comes to the legal insurance policies. Do not forget to read the fine print of your cybersecurity insurance policy to learn what you need to do to ensure it works.
Bar rules related to cybersecurity and cyberethics matter. Know your bar rules.
Cybersecurity defined: “Cybersecurity is the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” (Merriam-Webster)
Data ethics and your firm. Train your team to understand data ethics. The information you hold is a person, and how would they want their mother treated? Further, data collection policies should reflect the data you actually need, not what you don’t. Consider all data you collect subject to vulnerability and at risk of being stolen. Do you still want it?
Email is always a risk. Create team trainings to help your team understand what the risks are and teach them how to protect the firm. If you need help, hire a professional for the trainings.
Fire drills can help! Do not wait for a problem to know your setup works. Act as if there has been an attack on your practice and bring in your team and your IT professional to learn where the vulnerabilities are.
Get the help you need. We are lawyers. This is not easy. Hire a paid professional, learn what you need to protect yourself, and stay vigilant.
Hire the help you need. Whether it is an employee, a contractor, or a company you want to outsource to, identify and hire who you need in your practice. Do not wait for a crisis to happen.
Install back up and redundant servers and file protections. Test them. Make sure they work.
Just do it. This is an overused phrase, I know. But many of us need that additional push out the door to make a difference in our practices, consider this yours.
Keep an eye out for weird things. Slow computers, zombie computers, misspelled words, unusual file extensions, talking computers…if you start to see this, call your IT professional.
Logins, passwords, and access codes are vulnerabilities. Protect them the best you can. Follow industry best practices, such as sentence structure or a password company, to best protect your access to important information.
Maintain a strong relationship with a local IT professional. Period.
Never leave devices unattended or unsupervised or unpassword protected. Threats and breaches occur even in the safest ecosystem. Do not open the door to potentially dangerous activity. Have a cleaning staff in your building? Lock down your devices at night. Meeting with clients in a conference room? Lock down your devices before you leave the room.
Opening attachments should always be an action of LAST RESORT. Find a different way to share data. Train your employees and yourself to never open attachments. That is one of the easiest ways for a cybercriminal to attack you.
Partner with your clients. Cybersecurity breaches are not a matter of IF, they are a matter of WHEN. Tell your clients of the risk. Explain it to them. Ask them to acknowledge it and agree to it. The ones who want to work with you will work with you regardless.
Quietness is not a virtue when it comes to cybercrimes. If you see something, say something. If you even barely suspect something, speak up and get help.
Read, read, read. Read, learn, and understand what is required of you in your cybersecurity insurance policy. Many lawyers today still do not read the fine print when it comes to legal insurance policies. Do not forget to read the fine print of your cybersecurity insurance policy to learn what you need to do to ensure it works.
Safeguard protected and private data. Take measures to protect the data you use in your law firm. You have some of the most vital data for each of your clients. Be careful to protect it thoroughly.
Train your team. As with every area of your practice, your team will not know how to best protect you and cannot be its most productive if you do not train them. Make the commitment.
Up to date software is a MUST HAVE. Only get your updates from trusted sources.
VPNs are your best friend. You need a VPN on all your devices. It is an easy layer of security to add. This is especially important if you work on a device that may not be in your ecosystem such as unsecure hotel WiFi at conferences.WiFi networks should never be unsecured. It may be “just general lobby WiFi” but there is no such thing. Access to your WiFI is access to your WiFi, no matter what label you put on it.
Xenolalia may seem farther away than it actually is. The more you train yourself on the tech you need the more natural it will become for you, and you will find yourself speaking the foreign language of technology before you know it.
You. This all starts with you. You could make the commitment to do whatever you need to do to succeed in this area, or not. It is up to you. It is your practice.
Zero regrets. When you are the victim of a cyber attack, that is where you want to be. Do not waste time. Get started. Learn what you need to do. Get help. Choose to make smart answers to tough questions. After all, it is your practice, protect it.
We understand that you may have questions, serious questions, when it comes to cyber security, employment practices related to cyber security, and how to best protect yourself, your practice, and your clients. We are here to help. We build successful law practices nationwide. Do not wait to schedule a free 30 minute strategy session so we can discuss how to best support you in your practice.