10 cybersecurity tips for lawyers
"Lawyers have an ethical obligation to protect their clients' information," and in this day and age that means electronically stored information, observes ISBA Intellectual Property Section Council member Margo Lynn Hablutzel in the March Illinois Bar Journal. With that in mind, she offers 10 cybersecurity tips for lawyers to consider.
1. Change the factory password on a device to something different and uncommon "so hackers don't gain access through factory-installed passwords."
2. Change passwords often.
3. Use strong passwords that include "a combination of letters (sometimes requiring both upper- and lowercase letters), numbers, and symbols."
4. Consider using dual authentication, which "requires two items to confirm a person's right to access your systems, the simplest being an email address and a password."
5. Limit file access to those who need it. "Some firms set up secure areas for major clients which are accessible to only specific persons from both the firm and the client," Hablutzel writes.
6. Disable passwords when someone leaves the firm.
7. Plan for a cyberattack or breakdown as you would for other disasters.
8. Train your team to avoid spoofing and phishing and to "'trust but verify' before clicking on a link or sending out any information."
9. Require cybersecurity in nondisclosure and employment agreements. Doing so reminds staff and outside consultants "of the need to respect the confidentiality...and follow specific protocols."
10. Investigate your vendors' cybersecurity practices. "Ask vendors, especially those with access to your systems," what security steps they take.