It is vital, regardless of the size of your law firm, that you utilize astute cybersecurity practices. The IT landscape is constantly evolving, as is the rest of our digital-centric world, and we must learn to proactively adapt and respond to these challenges. Denial-of-service attacks, where perpetrators disrupt services and make a machine unavailable to its users, have decreased since 2018 — as well as ransomware attacks. However, according to the Online Trust Alliance, losses caused by business email compromises have doubled and crypto-jacking incidents have more than tripled.
The ever-changing landscape of the web can make it difficult to truly know if you're protected against these attacks. The checklist provided here will give you the basics of securing your law firm against a variety of threats, so here are five things to add to your cybersecurity checklist:
Assessing the risks within your own IT infrastructure can be difficult because it relies on a detailed understanding of potential weaknesses before they are attacked; it requires you being steps ahead of any potential threats. To start, you need to address certain questions to develop a plan:
- How would a cybersecurity attack affect the functions of your firm? Who would be affected, and how would it impact your credibility?
- What data or client records are critical to your firm's operations?
- Are there any specific regulatory requirements your firm should comply with?
- What is your budget for cybersecurity?
Control company domain
Most companies have a domain controller, used to set up email profiles or provide permissions to users for certain programs. When establishing a new hire in the office, there's typically an onboarding process to add them to the domain controller. You may be lacking an off-boarding process, however, for when a user should no longer have access to company data, programs and computers, says Inside Business.
The domain controller is where all domain login and password information is stored. Using this can keep the login/permission all in one location, and simplify the process. The list of users and their permissions should be checked and updated frequently. If someone is no longer working at the firm, they should be removed from the domain so they no longer have access to company information.
Keep software updated
Set up your operating system for automatic updates – turning off computers at night will enable them to update (and clean out system clutter) on a regular basis. System updates are particularly important for server operating systems where they should be reviewed on a recurring schedule. While these updates may seem like an occasional inconvenience, they're important to utilize because they're often updating security features based on past attacks or flaws in protection.
Also, make sure that none of your software is reaching "End of Life." All this entails is that the maker is no longer providing updates, support or security fixes. For example, on January 14th, Windows 7 Service Pack 1 will no longer be supported, which puts users at risk for security breaches.
Educate staff on phishing
Avoiding uncommon or suspicious links may seem like a simple practice, but there is a reason phishing continues to persist — people still fall for it. Tactics have changed over time, now including "vishing," which is the practice of criminal phone fraud, so businesses must remain vigilant and aware of how these scams can surface. Educate staff to never provide log-in information on a website that they're unsure of, and to be wary of links or pop-up windows that rely on a sense of urgency, suggests My Tech Decisions.
Consider the cloud
Storing your company's information in the cloud offers extra layers of security and additional steps to ensure your network is protected. You could wrap up 2019 and head into the new year knowing that you've made all possible advances towards the best cybersecurity practices and utilize the Afinety Cloud Program, which offers unmatched security through Amazon Web Services.