SAFEGUARDING CLIENT DATA
6 simple steps can help firms avoid being the next data breach headline By Todd Sexton
to secure client data. You will not need to understand every acronym, but it will As cybercrime grows throughout instruct you to ask the correct questions the United States lawyers continue to when contacting a security provider and be targets due to the extensive amount knowing what key components to ask of sensitive data they possess and com- for. municate electronically. Cybercrime Here are six security processes impacted 143 million American in lawyers should deploy to aid in meet2017 — more than 50% of U.S. adults ing their fiduciary responsibility to their online – according to MIT Technology clients. Review. Despite this widespread expo1. Email encryption – Standard sure and great need for client confiemail is highly vulnerable to indentiality, less than half of law firms terception. Using email for client implement top-weighted protocols, communication without encryption according to Logicforce’s most recent exposes your clients to breach and Law Firm Cybersecurity Scorecard vulnerability. The standard of secure industry. communication I suggest is to locate Attorneys have increased their a provider vetted by your Bar utilizing understanding of the need to protect end-to-end encryption with AES-256 client information in recent years, stud(Advanced Encryption Standard) ies show, but since the steps to protect protocol. A solution takes moments electronic information are often unclear, to implement and provides one of the many firms maintain the status quo greatest levels of security. and hope they are not the next headline 2. Hard Disk Encryption – for exposing client information.A 2017 Standard access passwords are insufsurvey by the cybersecurity defense ficient if a mobile or laptop device strategy consultancy firm eWranglers is lost or stolen. Use device or hard showed that 75% of attorneys recogdrive encryption with a standard of nized email was one of the greatest risk AES-256 protocol. These solutions are areas. Despite that realization, the sursimple to deploy and create significant vey found that 67% do not secure email, protection for information at rest as 42% do not protect against spam, and well as a defense from ransomware. 36% simply don’t know how to protect 3. Firewall – A firewall is a netthis information. work security device or software that Cybersecurity is an extensive and monitors incoming and outgoing netcomplex subject, with a labyrinth of work traffic. This will allow or block information that can be difficult for specific traffic based on a defined set attorneys to make sense of. The goal of security rules. This technology will of these six highlighted areas of focus assist in the prevention of attacks is to serve as an outline of processes to from exterior intrusions of your comadminister and improve the security of puter or network such as malware. your firm. This will not cover every area 4. Anti-virus – The primary of security or the most in-depth knowlpurpose of these common programs edge for an advanced user, however, it is to protect computers from viruses will guide an attorney on the basic steps and remove any viruses which are
WWW.MONTANABAR.ORG
discovered on your computer or mobile device. It is critical the software is updated daily so it may prevent the newest attacking viruses from penetrating your system. 5. Wi-Fi Security – Never use free or open Wi-Fi networks. Use a known secure network or use your mobile phone as an internet connection device. Open Wi-Fi networks are a simple access point for cybercriminals to steal your data or compromise your computer. Furthermore, when installing a Wi-Fi network ensure they are using either WPA2 or WPA3 (Wi-Fi protected access) standards for security as these are simple and the most advanced protocols. 6. Education – Understanding how cyberattacks occur is one of the best ways to combat these vulnerabilities. The state bar has recently taken measures to ensure that there are monthly and quarterly education programs focusing on cybersecurity, changing data-handling regulations, and ethics in the digital age to ensure the greatest understanding and ways to combat ongoing threats. Make sure you check with the State Bar of Montana for the upcoming lecture schedule and get informed. These six strategic processes will greatly increase your firm’s ability to meet your fiduciary responsibility, ensure your clients’ protection and create less worry that you will be included in the next data breach statistic. Make sure you are not placing your clients in harm’s way, begin changing the security of the legal community, start the change with your practice today. Todd Sexton, MBA, is a cybersecurity expert and the president and CEO of Identillect Technologies.
APRIL2019
21
