Cyber safety rules for legal

By Fiona Hamilton, head of client services, Sprout IT

Given the highly sensitive nature of the data held on individuals and companies by legal firms, solicitors’ practices and barristers’ chambers often find themselves disproportionately targeted by cybercriminals keen to access their systems, download their data, and sell it to the highest bidder.

What are Sprout IT’s top 8 easy-to-follow rules for firms looking to protect themselves, their clients, and their staff?

1.   Don’t use obvious passwords

This is very useful advice which has been given out by IT and cybersecurity professionals for years but which continues to fall upon deaf ears among most of the consumer and business population.

SplashData, as reported by CSO, released its “top 25 worst, most insecure passwords used in 2017” and the list was dominated by the usual suspects – “123456”, “password”, “12345678”, “qwerty”, and so on.

Using strong, guess-proof passwords is the only really effective way to keep personal and corporate data safe. If managing a set of different passwords for different accounts is too much for you or your team, invest in a password manager.

2.   Firewall

No matter how well protected and secure your network, your first line of defense should be a firewall. Firewalls block attempts by unauthorised users or computers to gain access to your network.

Remember too that your network is more than just the computers connected to your main server. WiFi connections, webcams, office temperature control systems, and more also need protecting with a firewall because they are, to a knowledgeable person, a relatively simple way of gaining unauthorised access to a computer system.

3.   Network security

At home or work, make sure you use a password-protected router to encrypt your data. If you’re away from the office and you’re using a public WiFi connection, be aware that all WiFi connections are insecure (indeed, they can all be hacked) so an investment in a Virtual Private Network (VPN), which creates its own secure and private tunnel over the internet, would be a very worthwhile consideration.

4.   Be careful where you surf and what you open

Websites which use Java consoles or contain Flash video players are often used by hackers to download files onto users’ computers without them even knowing. It’s the same with email attachments whose contents can be manipulated to fool anti-virus software.

Emails are also used by cybercriminals in social engineering and phishing attacks. Before you respond to any email, no matter how legitimate and credible it may look, be sure to do your due diligence on the sender before you do anything based upon the contents.

5.   Security on the go

Be wary of buying any heavily discounted software for your network or computers because it may be a pirate copy of a legitimate program. Pirate copies work by disabling the reporting-back and security functionality of the original software to allow a purchaser to use the software as intended without any notification back to the vendor that an unauthorised copy of their software is being used. And it’s this disabling of some of a program’s key functionality that can leave you wide open to attack from outside.

In addition, as business continues to make greater use of smartphones and 4G-enabled tablets, make sure that you only download official software from Google Play and Apple Store.

6.   Make your personal details private online

Information posted by individuals and companies online makes it easier for cybercriminals to attack them. If there’s too much on LinkedIn about your company’s members of staff and their responsibilities, it is often used in so-called “CEO frauds” and other scams.

7.   Look out for the padlock

Soon, Google will penalise sites which don’t use the “https” security standard by placing them further down the rankings on user searches. You’ll see the “https” prefix on online banking sites and on the parts of e-commerce sites into which you enter your personal and financial information.

8.   Keep your software up to date

Most legal firms have, over the course of many years, installed various different software products onto their network and their systems, many of which end up being replaced over time by newer and more capable software products. Often, even though a program is no longer being used, it will remain on a firm’s systems and, because it’s not updated or its vendor has stopped supporting customers, its presence on your system becomes a security threat.

Make sure that you remove all unused software from your system and that, for all the software currently in use, you and your IT team update it every time a new version or patch is launched by a vendor.

Contact Sprout IT

Sprout IT works with solicitors’ practices and barristers’ chambers across London and the South East. To speak with one of our team about making sure that you and your staff are taking the right action to stay safe online, please call us on 020 7036 8530 or contact us here.

If you're interested in learning more about Sprout IT's cyber safety services, visit our Cyber Resilience Solution page or download our white paper below.