In today’s world, protecting your online accounts from cyber-threats is your responsibility. Defending against hackers is not optional. So let’s learn some basic defense techniques.
It seems every day we hear about another cyberattack data breach or company getting hacked. Cyberattacks are becoming so common now that we’re starting to become desensitized to hearing about them.
So, what’s going on?
Every year across the world, companies collectively lose over a trillion dollars due to cybercrime, data theft, ransomware, phishing and other types of online crimes. Cybercriminals use every tactic imaginable to steal data and grow their bank accounts.
The ABA TechReport 2020 survey found that the number of firms experiencing a security breach increased over the prior year, to 29% of respondents compared with 26% in 2019. Those numbers are increasing.
You’ll hear many lawyers say, “Our practice is too small to get hacked.” But the truth is law firms of all sizes (yes, solos too!) fall victim to cyberattacks every day.
Cybersecurity Defense Techniques
Hackers don’t pick and choose victims. They are focused on quantity versus quality — the more people they can try to scam, the better their chance at succeeding. We are all potential victims. To minimize the odds of your law practice getting hacked, you need to learn how to defend yourself.
Understanding these cybersecurity basics will help you prepare for the battle against hackers.
1. First, we need to talk about phishing.
So, we know that protecting our online accounts is a necessity. But what are we protecting against? Phishing has become one of the most effective tactics hackers use to access your online accounts. Hackers begin by crafting an email pretending to be your friend, bank, social media platforms, or any other account you may be familiar with.
A hacker wants you to act before you think. When you receive an email telling you to click a link, your first instinct should always be to pause. Just take one second to hover over the link and verify the URL. Then, check the sender’s address. Do you know who sent you this email and why? Is something being requested of you?
Cyber-Threat Defense: Go directly to the service or business website instead of clicking the link in an email.
2. Now let’s talk multifactor.
Multifactor authentication adds an additional layer of security to your online accounts by requiring multiple pieces of information to log in.
Even if a hacker stole your password, they would need additional information such as a cellphone to receive a one-time code. Without that required code, the hacker will have difficulty accessing your online account.
Your email account is the backbone to securing your online identity. If your email password is compromised, a hacker can view quite a bit of data about you. They can even start using your email to reset passwords for other accounts they want to access.
Cyber-Threat Defense: With multifactor turned on, hackers will be stopped in their tracks. Turn it on!
Tip: Phishing is getting harder to identify. If you’re suspicious of an email, ask for help. Contact your IT department or seek the support of other experts. Different cybersecurity solutions can help you better deal with the threat of phishing emails, such as cybersecurity training, phishing simulations, or AI-based advanced phishing filters that integrate directly with 365/G-Workspace, to name a few).
3. Don’t forget password safety.
There is more to cybersecurity than just dodging phishing attacks. You need to develop a sixth sense — or cyber sense — in your daily life.
Throughout the day, you’re constantly collecting and distributing sensitive information, and that data can be extremely valuable if it falls into the wrong hands. According to Rule 1.6, Rules of Professional Conduct, it’s up to you to properly manage and protect the privacy of your sensitive client data.
The average person has over 30 online accounts, and each one of these accounts should have a unique and strong password.
A great way to make a strong password is to use the passphrase system. Just think of a sentence like “hackers will never get me.” Grab the first letter of each word: HWNGM. Use this passphrase with a combination of letters, special characters and numbers. You can also store passwords in software tools called password managers to save them for easy access in a single vault.
Remember that your cell phone and other devices also have access to your online accounts.
If you have a weak phone passcode, for example, 1234, a hacker can access your email banking messages, payment apps, social media and other services in a matter of minutes. I want to point out that it is common for people to rely entirely on FaceID and forget they have an insecure password when that fails.
Cyber-Threat Defense: Use passphrases and a password manager.
As technology continues to mature, so will the security requirements needed to protect yourself. Your cyber sense will continue to grow as you become aware of the different tactics hackers use to try and gain access to your information.
4. Online Accounts
You look both ways to cross the road. Why not put that same caution into the way you manage your online accounts?
- Set aside time to analyze your online accounts’ vulnerability.
- Start with your most important accounts and review them step by step — strong passwords, two-factor authentication, privacy settings. Make sure you know who to reach out to for help, both at work and home.
- Your law firm should have a plan for protecting your different online accounts. Report anything that seems suspicious and ask questions if you’re curious about how your accounts are being protected.
Cyber-Threat Defense: Information security – protecting your sensitive information — is your responsibility. Be cautious of what services you permit to access your personal and business information.
Develop and Strengthen Your Cyber Sense Ever Day
The power is in your hands to recognize and defend against cyber-threats. Keep this positive momentum going and share what you’ve learned with friends, family and co-workers. If we all work together, we can become a powerful force in the fight against hackers.
Subscribe to Attorney at Work
Get really good ideas every day for your law practice: Subscribe to the Daily Dispatch (it’s free). Follow us on Twitter @attnyatwork.