Peer to Peer Magazine

Winter 2015

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/624538

Contents of this Issue

Navigation

Page 46 of 71

PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 48 FEATURES As a small or midsize law firm, you might think you are less vulnerable to security breaches, but taking the proper steps to secure data is just as important for the smallest firm as it is for the largest. Here are some low cost (and no cost) ways to bolster your security. PASSWORDS A critical first step in protecting the security of your firm's assets, and one that few firms actually implement, is to force regular password changes and require complex passwords. Many small firms provide new users with a simple password (something as basic as "password1") and assume the user will change it, but often the change does not happen. Password changes can frustrate users, but requiring this inconvenience provides great value to the safety of a firm's information and reputation. Firms can administer this process easily by automating required password changes every 90 days, for example, at little to no cost. Despite some individuals' resistance to change, it is better to explain a password policy internally than to explain the lack of one after exposing a client's data externally. In addition to frequent changes, making passwords complex ensures these network "keys" are difficult to guess or crack using brute force attacks. One way to identify complex, secure passwords is to use a pass-phrase, such as, "I was talking to Jim this morning," with proper punctuation and capitalization. A pass-phrase can be easier to remember while being extremely complicated in its structure and more difficult to crack. Users should also have unique passwords for every website they visit. For those averse to employing unique passwords, encouraging the use of different passwords for various functions (company accounts, bank accounts, social media accounts, etc.) is a step in the right direction. In a recent example of how problems arise from sharing passwords, Mozilla, maker of the popular Firefox Web browser, was hacked due to a super-user using the same password on multiple websites. After his account information was exposed on one site, hackers used the same username and password to get into Mozilla's internal network. The attackers stole information related to 53 critical security vulnerabilities within the browser. Then they used at least one of those flaws to target users of the Firefox browser. TWO-FACTOR IDENTIFICATION Though passwords offer obstacles to undesired access, they confirm only that a user knows the access code, not that a user is who he/she claims to be. Two- SMALL FIRMS NEED SECURITY TOO!

Articles in this issue

Archives of this issue

view archives of Peer to Peer Magazine - Winter 2015