It happens just about every day. You receive a message in your inbox from an unknown sender. It’s marked “urgent,” and you go ahead and open it, because maybe it’s from a new client, or someone related to a case. Unfortunately, that email contained a virus. With one click, you’ve started a chain reaction of calamity that will encrypt every file on your firm’s servers.

In 2015, Bloomberg released a study, showing that 80 of America’s largest firms have been hacked since 2011. It’s more important than ever for lawyers to understand how even the most innocuous errors can lead to disaster, compromising internal data, client data, and bringing the potential to tank the livelihoods of all concerned.

 

To illustrate, here’s a few of the top mistakes we lawyers make:

 

Opening Email Attachments From Senders You Don’t Know

It happens just about every day. You receive a message in your inbox from an unknown sender. It’s marked “urgent,” and you go ahead and open it, because maybe it’s from a new client, or someone related to a case. Unfortunately, that email contained a virus. With one click, you’ve started a chain reaction of calamity that will encrypt every file on your firm’s servers.

In 2015, Bloomberg released a study, showing that 80 of America’s largest firms have been hacked since 2011. It’s more important than ever for lawyers to understand how even the most innocuous errors can lead to disaster, compromising internal data, client data, and bringing the ptential to tank the livelihoods of all concerned.

 

Keeping Unencrypted Client Data on Your Personal Device or Laptop

Your mobile devices are just that – mobile. They are an easy target for thieves. Imagine how you would explain this to your partners, and more importantly, your clients. Avoid storing sensitive information on these devices, and always keep your device password protected. Using two-factor authentication is also a good idea, as is encryption and intrusion detection. Store sensitive documents in a secure cloud that only you and other relevant parties can access. That way, if you are a victim of theft, they won’t be able to access your data.

 

Not Investing in High-Quality, Secure Internet

Everybody loves a bargain, but that cheap DSL offer is probably not going to be better. In fact, it may not even support the amount of bandwidth you need to remain secure, and ensure 100% uptime access to your network and files. A top quality connection always pays dividends in enhanced productivity, connectivity, and quality of communications.

 

Installing New Systems Without Consulting an I.T. Professional

More and more, clients are demanding that their data remains secure through every step of the process. Without being able to ensure high security standards, you are not only doing your clients a disservice, you are putting your firm at risk also. Do yourself a favor and do it right the first time. Consider the fact that new threats are constantly evolving, and what worked last year may not do the job today. Choose an IT security system that self-updates, or bring in a consultant who can design a system that is relatively future-proof. Depending on how you work, your protection should be deployable from the cloud, and run quietly in the background. Other on-the-ground solutions include dual-factor authentication, and ongoing training for your staff, but there is no substitute for expertise. Even if you have an IT team, consider bringing in a specialist in IT security. These are the people who know – and they can, in turn, educate your IT team.

 

Falling for a Phony ‘Expert’ Ploy

If ‘Bob from Microsoft’ calls and wants to connect to your system in order to repair an issue, make sure it’s who they say they are, and who initiated the service call. Keep in mind, nobody is going to just call you out of the blue to fix your problem (if indeed you have one), so no matter how together they sound, don’t let them get anywhere near your technology.
These days, you can’t avoid technology in your practice, and why would you want to? But by avoiding these common mistakes, you’ll be making everybody’s lives so much easier, and most importantly, protecting your practice. For more on this subject, see Part II of this article.