Lawyers work with confidential and sensitive client information every day, which means they need to take precautions to keep this data safe. Many high-profile data breaches have occurred in the past few years, exposing millions of people to the risks of compromised data, including identity theft. Along with tightening a firm's online security, lawyers should create stronger passwords and encourage their clients to do the same.
It's often difficult to keep track of the growing number of accounts and passwords attorneys use every day. Many professionals try to create a shortcut by using the same password for everything, or even worse, setting passwords as simple words or numeral combinations such as "12345" or "password." A report from Verizon revealed 76 percent of security breaches happened after hackers used stolen user credentials to access a company's system, which is easier when employees don't use strong passwords.
More accounts mean higher risks of data breaches
Sony Pictures Entertainment's December data breach was a high-profile example of the importance of stronger passwords. Hackers erased data from the organization's systems, released previously unavailable movies to the public and revealed employees' private information, salaries and other sensitive documents. Among the released information was a list of employees' passwords, which included weak safeguards such as "password" and "s0ny123," according to Mashable. Employees' computers contained home addresses, current salaries and even credit card numbers, which were exposed in the cyberattack.
Imagine the information hackers could expose by accessing private legal files.
Cyberattacks in the legal industry
Law firms don't have the same obligation to report cyberattacks as consumer companies, but a preventable hack may be a breach of confidentiality. Attorneys need to ensure they utilize more complex passwords to mitigate this risk.
Firms may not think they are vulnerable, but many hacks occur simply because there is an opportunity, Lawyerist said. Cybercriminals run scans for weaknesses on any computer connected to the Internet and have many ways to access computers. Lawyerist reported an attorney lost $289,000 by clicking on an attachment in a scam email. The attachment contained a virus that allowed cybercriminals to view everything on the computer. The lawyer later accessed the firm's bank account from the same computer, giving the hackers an easy way to transfer the large sum to another account. Additionally, the firm's bank refused to cover the loss.
Although cybercriminals have multiple ways to infiltrate computers, low-tech methods of identity theft are still common. Lawyers are at a heightened risk for data or financial losses if a bank statement is swiped from the trash or a wallet or laptop is stolen. In particular, a stolen work laptop is a substantial risk. Not only does it have the firm's account information on it, but it also has clients' banking data if they pay online.
How to protect sensitive information
Passwords don't need to be 20 characters long to be effective. Twelve characters is typically long enough, as long as the words are unique. Lawyerist recommended avoiding real words that can be found in a dictionary. Additionally, attorneys shouldn't use the same password for multiple services, especially if it's something critical such as email and bank accounts. If a hacker can access one website on a computer, he or she can get on every site that uses the same password. It's important to store passwords in a secure location. Never leave them on sticky notes on a monitor.
Two-factor authentication is another way to better secure sensitive client information. This process utilizes a known password and a code generated from an app and sent via text or email. Because it takes more than a password to access the account, hacking is difficult for cybercriminals to infiltrate. In addition, lawyers can encrypt files to make them harder to decode.
Because INSZoom's advanced platform enables document sharing in the cloud between lawyers and their clients, it's crucial for all parties to take the proper precautions to keep data secure. Making stronger passwords costs nothing and takes little time, but not taking these steps exposes firms and clients to significant risks of identity theft and lawsuits. INSZoom allows lawyers to build better relationships with clients while keeping data secure.