Cyber Security For Legal Firms In The Time Of COVID-19
The “new normal”.
This transition to digital spaces is what many firms now consider the “new normal” of doing business during COVID-19.
And while this massive digital transformation has been a much-needed lifeline for businesses, including those outside the legal industry, the transition has had its pitfalls.
As more companies eschew the physical for the digital, the threat of cyber attacks has become more prominent.
Attacks such as the major Zoom credential leaks, “Zoom-bombings”, and massive data leaks have caused untold damage to companies across all industries.
This highlights the need for a new transformation, one that involves adequate measures and SOPs built to withstand intrusion.
So, that being the case, how can your legal firm protect itself and its data within the “new normal”?
1234Passwords
It might seem obvious to state, but it is surprising to learn that most cyber intrusions occur due to simple user errors and weak credentialing SOPs.
And while most individuals might understand that a weak password is simply begging to be broken, the common practices that many employ to strengthen their credentials might not be enough.
As brute-force attacks became more prevalent, it became necessary to create credentials that could not be bypassed with a simple program and a bit of time. This gave rise to passwords that incorporated unique strings, symbols and numbers, which in principle made it more difficult to simply apply an algorithm crafted to overtake credentials.
Though, as attacks become more sophisticated, it is necessary to adopt standards that have evolved alongside the threat.
So what does that mean for your firm?
It is now necessary to utilize SOPs that take into account both the sophistication of intrusion attempts as well as the potential damage these attacks can cause.
For your firm, it now means creating and using systems that store encrypted credentials that have been generated using a cryptographic hash function such as SHA-256. Once a secure credential has been generated, systems that have been specifically created to store and serve these logins must be used so as to limit the possibility of user error at any point of the process.
Gone Phishing
In addition to compromising networks via brute-force attacks, hackers have stepped up attempts to get users to willingly hand over their private credentials through phishing and man-in-the-middle attacks.
And while these types of attacks rely on a user unknowingly providing information, they can be quite effective if a user is not familiar with the signs of phishing attempts.
Generally, the most common phishing attacks involve a spoofed (falsified) email that prompts the receiver to provide credentials on the premise that it is necessary, usually by informing the user that their account must be verified.
And while the sophistication of these attacks can vary from amateurish to indistinguishable from the real thing, there are simple SOPs your firm can employ to ensure that your data is safe.
So what does that mean for your firm?
It is now necessary to train your team on the ways in which hackers may try to phish for credentials, as well as to set SOPs in place to follow if a member of your firm receives an email they are unsure of.
Given that these types of attacks require the user to volunteer credentials, the main method of ensuring they are ineffective is educating your team about their threat and prevalence.
And if your firm is ready to take on a new digital decade of legal practice, it’s time for CoreMatter.
CoreMatter, the leading cloud-based case management tool in SE Asia, frees your firm from the mess of the mundane to focus on what matters most.