October is Cybersecurity Awareness Month
Updated: Oct 22, 2021
What better way to welcome fall than with a celebration of cybersecurity! October is, of course, cybersecurity month. All joking aside, cybersecurity is a serious subject which has caused a lot of grief for lawyers and law firms who have faced significant financial losses when cyber-attacks occur.
In 2020, a sharp increase was reported in cyber-attacks that targeted businesses using stolen logins and passwords. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, clients, and capital safe and secure.
Here are some tips from the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency:
Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning that smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration of wireless devices in order to prevent data breaches. For more information about smart technology, see the Internet of Things Tip Card.
Stay up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe: turn on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
Social media is part of the fraud tool set. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms. Read the Social Media Cybersecurity Tip Sheet for more information.
It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting or forwarding all phishing attempts to a supervisor, so that any necessary organizational updates, alerts, or changes can be put into place.
For more information about email and phishing scams, see the Phishing Tip Sheet.
Other helpful tips can be found at:
Clio’s 2021 Law Firm Data Security Guide: How to Keep Your Law Firm Secure