3 Questions that Law Firms Commonly Ask About Cybersecurity
1) What should I do when I get an email from a client or one of the law firm partners with money wiring instructions or asking for important passwords/credentials?
You might have already experienced it as a law firm trying to navigate the realm of technology, but phishing and social engineering attacks are on the rise-- especially for law firms.
Hackers will often send emails from compromised email accounts to contacts, asking for bank account information, money wiring, or login credentials for systems that hold sensitive data. The false emails often look and sound extremely similar to the owner of the compromised email account, making them difficult to spot. Law firms are a huge target because it’s not unusual to ask for large amounts of money to be transferred, or wired, or to handle sensitive data amongst employees.
As a result, there should always be a verification process – a written policy is highly recommended. If you can walk down the hall to see the person in your office who actually sent the instructions, that’s a good way to get verification – and a little exercise. You can also pick up the phone and call the partner or client – but never use a phone number contained in the suspicious email about the wiring instructions. Use a number you know to be that of the partner or client. Often, just going the extra mile to verify and confirm that the suspicious email request is valid can save you major headaches down the road.
The same advice applies to requests for W-2 information – this scam tends to peak every year around tax time for law firms. Requests for records or completed forms with sensitive data like social security numbers, addresses, birthdays, etc. should also be followed up with the client or partner.
In general, if you have a slight inkling that something isn’t right, then it doesn’t hurt to double-check. Your clients and your law firm will thank you.
2) I am working from home. How do I secure my wireless network (Wi-Fi) at home?
This is a really good question that most people who work from home don’t ask or even consider asking.
First, change the default settings of the wireless router. You should change the settings for the network name (SSID), IP address range, administrator ID, password, etc.
Next, configure the Wi-Fi to be encrypted. Currently, there are three types of Wi-Fi encryption – WEP, WPA, and WPA2. WEP and WPA have been cracked and there are free tools available to break their rather weak encryption format. WPA2 has also been cracked, but vendors have been developing patches to improve security. The good news is that the WPA3 standard has been approved and is available on the market.
As a result, you should be configuring your wireless router to use either WPA2 encryption, but preferably WPA3 at this time. Keep an eye out and upgrade/replace your wireless router to one that supports WPA3.
3) Technology is moving so fast! How do I keep up with it as a law firm?
We didn’t want to recommend a long list so we narrowed it down to our favorite resources:
Encompass IT Solutions Blog. If you sign up for this free blog, you will receive monthly emails with the latest topics.
Attorney at Work Blog. They offer a good tip each day. Not all of the tips are legal tech, but all the tips are interesting and many involve technology.
Beyond these resources, there are plenty of legal tech podcasts at Legal Talk Network. If you are driving to work every day or taking a train/plane/bus, listening to a podcast is a perfect way to learn – and it makes travel time pass faster!
Don’t forget CLEs! And ask your colleagues for recommendations regarding speakers who both inform and entertain. Legal tech is hard enough for most lawyers – a few entertaining stories along with the legal tech education is always a good mix.
Another great way to stay up-to-date on technology is by having an IT company that you trust to review your technology setup and secure any vulnerabilities. Certified technicians will definitely be more up-to-date with current cybersecurity issues and have an obligation to make their clients aware.
If you’re concerned about your current IT support or are interested in a second opinion on your law firm’s technology setup, feel free to give us a call at (860) 785-6233 or contact us to set up a Free IT Consultation, where we’ll go over the current cybersecurity industry standards. Find out how we can relieve headaches and worries for you and your law firm.