Cybersecurity is making waves in the legal community, proving daily that it’s becoming more important to follow these steps to protect your client’s data as well as your firm’s data. Breachers are smart and extremely technologically advanced, and only becoming more advances as we progress. Here are nine questions to ask your firm and audit how seriously they’re protecting data.
Do you have 2FA?
Two Factor Authentication is an extra layer of protection between your data and where it’s housed. 2FA requires a password and usually a secondary code to access confidential data such as emails and documents.
Is your OS up to date?
Operating systems are often out of date and behind on updates. We completely understand the annoyance of shutting down your computer, rebooting with an upgrade, and waiting for it to finish up so you can log back in and continue working. We can’t stress enough to install Windows/Mac updates as they become available. Consider having a policy in place to make it mandatory for users to power down every so often and install updates.
Are your files encrypted?
Encrypted files help further prevent breaches in your firm. Encrypted files simply means you need a username and password to access the documents. Client files and confidential information are among the most important documents to encrypt. Computers, Laptops, and smartphones are constantly being broken into and stolen, so having your data locked and secured prevents any breaches.
How safe are your passwords?
Weak passwords are easy to hack. Don’t use obvious passwords like “password,” “1234,” pet’s names, or your name. Password managers create strong complex passwords that are not easily hackable, but easy enough for you to remember and use that password universally for work purposes.
Are your employees trained on cybersecurity?
Breachers are becoming more and more advanced by the day, so cybersecurity is forever evolving. It’s important to keep your employees up to date on the best practices of protecting your firm data. The most common way to contract ransomware is by opening an email that is disguised as something important and downloading a document within the email. Employees should be educated on phishing, security, and how to spot red flags in your field.
Do you have insurance coverage for a breach?
Although you’re taking all of these tips into consideration, you can still be exposed to a cyberattack at some point throughout your firm’s life. Additional cyber insurance is important to have just in case you lose any client files or sensitive information is compromised.
What’s your disaster-recovery plan?
Ask how long it will take to get your firm up and running again. Does your firm have a point person for when things go south? How do you plan on recovering your firm’s data and explaining to your clients that you’ve been breached?
Where is your data being stored?
Are you using an offsite facility? Cloud based users have their documents and information stored in an offsite facility with extremely high Fort-Knox-type security.
How are your regular risk assessments handled?
Penetration testing is something that needs to be done regularly. Check how secure your plans are. As mentioned before, breachers are getting better at what they do every day, so it’s important to make sure your firm is on top of new developing protection practices.