Lawyers are a common target for jokes. A man might ask a lawyer, “Will you answer two questions for me if I pay you $400?” and the lawyer would respond, “Yes. What is your next question?”

Lawyers are not only prime targets for jokes but also for cyberattacks. It is not a question of if, but rather when a lawyer will be the victim of a cyberattack. Lawyers have access to sensitive information about their clients, such as trade secrets, financial documents, and business strategies. Cybercriminals see this information as their next paycheck.

Lawyers are required to protect the data of their clients under the Rules of Professional Conduct. It is important to take reasonable measures to reduce the risk of cyberattacks. Lawyers are not expected to be experts on all things cyber, but they do need to understand how information about clients is stored and the steps that must be taken to secure it.

The duty varies depending on the circumstances. If you are a lawyer at a large international law firm, it is reasonable to expect an IT team to monitor and manage advanced security measures. As a sole practitioner, these resources are not expected of you. That does not mean that you are exempt. No matter how big or small a firm is, it is expected to have the infrastructure to protect its clients’ information. The ABA recently issued guidance that all law firms should have a plan to detect, protect against and respond to cyberattacks.

It is impossible to cover the topic of cyberattacks and how to respond in a short article. This article will give some basic tips on how an attorney can protect their client’s data. These practical tips will help reduce the odds of becoming a victim of a cybercrime.


Do not connect to public Wi-Fi

It can be difficult for lawyers to “unplug” from the internet. Whether they are in a café down the road or a bistro on the other side of the world, staying connected is a necessity. In some cases, however, staying connected may only be possible by connecting to public Wi-Fi networks. This is a convenient method of gaining access to the Internet, but it comes with a lot of risk.

Cybercriminals can easily take over public Wi-Fi. If a cybercriminal “spoofs”, or takes control of, a public Wi-Fi network, you will send your data directly to that cybercriminal. All information sent, including emails, client data and credit card details, will be accessible to the cybercriminal.

Users have no way to know if a Wi-Fi network is compromised. The basic rule is to not connect to any Wi-Fi networks without first taking the necessary steps to protect yourself. Use a VPN or mobile hotspot to connect if you must. You can also wait until you reach a Wi-Fi network that you trust and are confident about. This will ensure that sensitive client information isn’t intercepted.


Implement Multi-Factor Authentication

MFA is not a brand new concept. The legal profession is notoriously slow to catch up with the latest technology trends. It is time to use MFA for data protection.

What is MFA (Multi-Factor Authentication)? MFA is an additional security measure that requires users to confirm their identity twice before they can access certain information. Entering your password into a computer, for example, is one form of verification. With MFA, you may also receive a message asking, “Are you trying to log on right now?” If you reply “yes”, you will gain access to your PC. If you choose “no,” whoever is trying to access your information will be blocked. By using MFA to protect your data, you can reduce the risk of a breach.

MFA can be implemented by a number of companies and programs. These services are not free, but the protection of your license and client data is worth it.


Recognize sophisticated phishing attacks

The concept of phishing is well-known to most people. A phishing attack, in its simplest form, is a fraudulent communication which appears legitimate and aims to get information or money out of the recipient. The sender is trying to convince their recipient to click on a link that contains a virus or to provide sensitive information.

The traditional phishing attack was easy to detect and even funny at times. If, for example, an individual received an email from the Queen of Genovia asking for a Starbucks gift certificate, they would immediately recognize it as a scam. Phishing attacks are becoming more sophisticated.

Phishing attacks today are targeted at the specific recipient. These fraudulent emails are now more difficult to detect.

Imagine the following: A lawyer receives a message from [email protected]. The lawyer does not recognize the email address, but the content of the message appears to be genuine. The email says: “Please find attached a link to client documents for the pro bono case your firm has agreed on. Please let me know should you have any further questions.” The email includes a link to an established file-sharing website. If the lawyer clicks the link, the sender (a criminal) can then access the server of the law firm and steal confidential client information.

This scenario is an example of how sophisticated phishing attacks are used against lawyers. The email may appear to be genuine, but it isn’t. This sophisticated phishing attempt shows the importance of being cautious when you receive emails from unknown senders.

The post Tips to Minimize the Risk of Data Breach in a Law Firm first appeared on Attorney at Law Magazine.
