Legal Industry Cyber Security: 8 Do's and Dont's

Submitted by Erica Kastner on Tue, 01/ 28/ 20 - 12: 00 PM

Legal Cyber Security

CYBER SECURITY | 8 MIN READ

The legal industry ranks among the healthcare and finance sectors as one of the most targeted industries for cyber attacks. The common thread that makes them attractive targets is the personal information that they store and have access to. Read more to learn how, as a member of the legal industry, you can stay protected from cyber attacks.

If your organization's network was crippled by a hacker, a host of negative consequences could unfold. For instance, your case files could be encrypted and held for ransom, effectively halting work in the office.

If hackers stole sensitive information during a data breach, your firm could potentially be sued. If you wish to avoid facing the potential consequences of a cyber attack, you need to ensure that your company or practice has sufficient cyber security measures. 

Do: Create a password policy

Legal Cyber Security Best Practices

Creating and enforcing a company-wide password policy fosters a culture of personal accountability. Password policies help educate employees who might not know how to create and maintain secure passwords.

A main focus of any password policy should be to limit how much employees write down their password, whether it be on a sticky note left on a nurse's station or in the Notes app on an employee's phone. Writing a password down anywhere leaves it susceptible to being found by hackers.

Additionally, for employees who use a variety of programs and might have trouble remembering passwords for all their accounts, using a secure password storing program can ease the burden. 

Password policies should include points like creating passwords that don't use easy-to-find information such as birthdays and employee children's names. 

RELATED: How to Train Employees About Cyber Security

Do: Secure your copiers and printers 

Think of all the private documents that your company copies, prints, and scans every day. Now imagine a hacker having access to the data on those copiers and printers.

When hackers think of which parts of a business network to target, many might think to aim for computers because of all the sensitive documents and programs stored on them, but sometimes, hackers instead aim directly for the printers and copiers, which can let them access private files and enter your network.

One way to leave your office machines susceptible to data breaches is by enabling features that let you access documents stored on your copiers and printers from your computer. When setting up your copiers and printers, disable this feature, if you can. 

Personal copiers and printers typically used in managers' offices come with a host of security risks. For instance, personal printers can have a "print from anywhere" feature that lets you print documents even when you're away from the office.

However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world, which can create a security gap that lets hackers into your network.

While enabling a "remote support tools" feature lets your machine dealer remotely assist you in fixing issues, this two-way form of communication creates network security gaps. If you have this feature on your copiers and printers, either turn this feature off or try to opt in to one-way outbound machine support with your dealer. 

To patch a potential security threat in your business, consider upgrading to newer copiers and printers because of their updated security features. As an additional security layer, consider scanning your network for any open ports on the copiers and printers can help identify any existing security gaps.

RELATED: How Can Your Printers Have Security Risks? [Tips to Protect]

Don't: Share private files without secure file-sharing software

Legal Cyber Security Best Practices

Sometimes co-workers forward over files to you,a client, or a new office. Don't mail private files, fax them in an insecure way, or email them over an un-secured server. You risk these files being accessed by the wrong person.

For instance, your fax could be intercepted by someone else standing by the machine, which could potentially break data regulations if that person reads a sensitive document.

For a more modern approach to faxing that will help you stay compliant, use email encryption software to send documents. This software will scramble the data in the file so that only the intended recipient can view it. 

For instance, our comprehensive cyber security package includes a service called Mimecast which can help keep private documents secure when they're sent internally in the company or externally. Mimecast also helps prevent phishing attacks by regulating emails that come from unknown email addresses. 

Don't: Manually back up data

Cyber Security Best Practices for Legal

Using employees to manually back up data comes with a host of potential issues. First, even the most perfect employee can be subject to human error. This could mean that a scheduled backup is forgotten about or completed incorrectly.

Whether the external hard drive is left at your facility or at an employee's house, in either scenario, the building could be subject to a burglary, fire, or natural disaster, which means that you automatically lose all that data.

Without automated backups conducted by external professionals, your company is left vulnerable to loss of vital data, whether that stems from a burglary, natural disaster, employee error, or cyber attack. 

To keep your data secure, consider letting a third party company handle your data backups. They can automatically back up your data as often as you want, for instance every 30 minutes, taking the pressure of scheduling backups off employees.

To ensure that your data is safe, these companies store it in multiple locations, ranging from an on-site server to a primary and secondary data center.

Data housed in an external data center is more secure than it would be in your building or with an employee because these centers come equipped with added features like 24/7 security, re-enforced structures, and state-of-the-art fire suppressant systems. 

Increasing the amount of backups a day and housing your data in multiple secure locations means that, in the event of a cyber attack, a third party company can minimize the amount of network downtime in your company.

In the instance of a cyber attack, if your data backups aren't fully automated or secured, network downtime can last up to 3-5 days, costing you money every minute.

Here at Standard Office Systems, our average downtime is 1-2 hours because we ensure that our clients have a robust backup recovery system in place.

Do: Educate employees on cyber security best practices

Cyber Security for the Healthcare Industry

Your employees are your weakest link when it comes to your practice's cyber security. You could have the best cyber security tools available on the market and your entire network could be brought down because one employee clicked on a phishing link or created a password that's easy to hack.

Training employees about good cyber security practices from the day they start work will help build a company culture of cyber security awareness. Sometimes, managed IT services providers have cyber security seminars for their clients' employees.

For instance, they can send out fake phishing tests to employees, and then pull any employees who fall for the phishing scheme into a seminar that will teach them about cyber security best practices. 

RELATED: 15 Cyber Security Statistics You Need to Know

Don't: Leave Sensitive Information Unsecured 

To keep data secure, see if you can put automatic logout settings on any programs that contain sensitive information. This prevents anybody visiting the office from walking by a desk or breaking into an office and easily accessing important files.

Additionally, when possible, try not to email sensitive information between employees. Emails can be hacked, which leaves any emailed information vulnerable to hackers. Instead, try to hand-deliver requested files or information over the phone. Smaller paper trails create less opportunities for hackers to access this information. 

Do: Implement role-based security

Employees don't need access to every bit of private information that your practice has. Letting employees access all private information, from secure financial documents to case files, risks an employee with bad intentions leaking the information.

Additionally, company-wide free information access means that hackers have more chances of finding an employee with access to a certain account.

Implement role-based security procedures within your practice to minimize the risk of important information being leaked or stolen. Assign different levels of security clearance to employees based on how important it is for them to have access to that information.

For instance, a blue level employee who is simply a secretary might just have access to calendars and scheduling systems, while a red level employee handling the company's financials might just have access to financial accounts and programs.

Role-based security prevents employees from accidentally seeing information that does not pertain to their specific duties.

Don't: Have just one layer of security in place

Healthcare Cyber Security

Having little to no cyber security measures in place, such as using just a firewall or an anti-malware software, leaves you extremely vulnerable in the event of a cyber attack.

Robust cyber security systems with multiple layers of protection, including software, hardware, and trained IT professionals to monitor and patch up your network, ensure that your network and the private information it holds stay safe. 

Consider managed IT services as a way to holistically protect your network from hackers. Managed IT services layer multiple security measures in a proactive approach.

They install and maintain up-to-date security hardware and software, educate employees on cyber security best practices, and resolve any security issues that arise.

By implementing multiple security measures, you reduce the chances of having to become reactive in the event of a cyber attack. This can save you money from potential data breach lawsuits, prevent compliance violations, and reduce downtime in the event of a cyber attack.

As a member of the legal industry, you understand the risks associated with your practice's private information getting out. Partner with a third party IT company who comprehends the unique risks associated with your industry so that you're well-protected in the event of a cyber attack.

Get Your Questions Answered Now

Posted by Erica Kastner


LinkedIn

small business cyber security, small business cyber security solutions, cyber security