Computers, networks, the Internet and digital services are at the heart of our professional and personal lives. Cybercrime, including hacking, phishing, social engineering and denial of service attacks are a fact of life.
A top priority for all law firms and corporate legal departments is to ensure that online activities are protected.
Without this protection, law firms and legal departments risk incidents ranging from minor inconveniences to complete and total loss of services and information. The financial and professional costs of even a modest cyberattack can be crippling. Lawyers also have an ethical duty to protect the confidentiality of client information.
There is no ‘one size fits all’ approach but there are several best practices that act as a good starting point to protect your firm or legal department. Talk to your Information Technology professional about these and other preventative measures you can take to protect your systems and your data:
- Monitor your systems for any suspicious activity. Train your staff to spot and report suspicious messages or activities on their equipment and services.
- Use strong passwords on all smartphones and computers and change them regularly. Password management software can help you remember your passwords while keeping them as strong as possible.
- Configure a firewall between your equipment and systems and the Internet.
- Use up-to-date antivirus and malware protection on all computers, laptops and handheld devices.
- Backup your data and ensure that you have an offline copy to protect yourself against cyberattacks.
- Encrypt laptops, USB sticks and backup media.
- Make sure all critical software patches and security updates are applied as soon as possible.
- Use a Virtual Private Network (VPN) or other encrypted connection to access public wireless networks. Otherwise avoid using public WiFi in hotels, coffee shops and airports since they are notoriously insecure.
- Keep servers and equipment physically secure.
- Remember to cancel access to your network and services when employees leave the organization. Also, change passwords to shared access accounts including social media.
You may also want to consider getting cybersecurity insurance, to cover the cost of recovering from a data loss arising from a security breach or other cyber event.
You can find further cyber security information and advice at the Government of Canada Get Cyber Safe website.
*Adapted from material produced by the Law Society of British Columbia: For more information, see Employee Fraud, Cybercrimes and More on the Law Society of British Columbia’s website.