Peer to Peer Magazine

Winter 2015

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/624538


WWW.ILTANET.ORG 49

factor authentication provides greater user validation and limits the ability of users to share their passwords (another major no-no). This security methodology, which is in ever-greater use within the financial industry, requires two pieces of information for access to sensitive material:

1. Something you have, such as your phone or a dongle to receive a temporary passcode
2. Something you know, such as your password

Requiring two-factor authentication mitigates the risk created by a lost or compromised password, further guarding against an imposter gaining network access. RSA's SecurID is one of the oldest and best-known products that support this functionality, while solutions like Duo Security and Google Authenticator can be more economical. Microsoft uses Google Authenticator to secure its data when users connect to the Microsoft cloud.

INFORMATION ACCESS

The next step is to create an environment that offers users access to only the information they need. Weigh simplicity against restricting access only to those who require it for their job responsibilities. Many small firms have their file and folder structures wide open, allowing different departments to view each other's data. Accounting, paralegal, administrative, attorney and records management personnel have entirely different data requirements and do not require regular access to each other's data. By having the firm's information open to everyone, you expose your data to greater risk. If, for example, a single user is infected with malware or ransomware, it can affect everyone's data across all departments. By limiting users' access at the file and network levels, your firm can diminish the reach of any user or malware that might compromise it, either maliciously or accidentally.

Many firms have experienced CryptoWall or CryptoLocker infections within the last few years. These ransomware variants exploit a user's rights and mapped network drives to identify and then encrypt files to elicit a ransom. While a good backup routine allows firms to recover data from the most recent backup, reducing user access mitigates ransomware's ability to affect the data. More firms are limiting the number of mapped drives to further reduce this attack vector; however, there is no guarantee the next variant of this malware will not use other methods to seek out data the user has permission to access. By limiting each user's data access, firms can minimize the impact of an infection, reduce recovery time and increase the firm's ability to provide quality services to clients.

TIME-SYNCHING

Additional contributions to a firm's security are made by having centralized logging and synchronizing the time on all network devices. If there is a breach, your security staff can review the logs to see everything that has happened or is happening in one place and in sequential order. Your firewalls, switches, servers and Wi-Fi access points should all have time-synching and logging capabilities — you just need to configure them.

WI-FI ACCESS

Do not forget about your Wi-Fi! People often forget Wi-Fi is not as secure as physical wiring. Unlike most systems within your network, Wi-Fi allows people not physically inside your environment to access your system. If your firm has internal Wi-Fi, secure it and set up access logging. Internal Wi-Fi should require authorization, and every user should have a unique login. In an optimum scenario, you would not have an internal wireless network. Consider instead a limited public Wi-Fi option situated outside the firm's firewall on the public Internet. This Wi-Fi, available to guests, clients and internal users, is similar to Wi-Fi access at Starbucks. Authorized users can use a virtual private network (VPN), certificate-secured Web mail or remote desktop solutions to access secure internal systems without increasing the risk footprint of the firm's Wi-Fi network.

ANTIVIRUS AND FIREWALLS

Firms often overlook the need to verify that their antivirus programs are up to date and looking for more than viruses. "Virus" is now a common term for many types

About the Author

Eli Nussbaum is a Managing Director at Keno Kozie Associates. He joined the firm in 1998 as part of its Y2K audit team. Eli then became a full-time engineer and has held every position within the department. During Eli's tenure with Keno Kozie, he has focused on physical, virtual, and cloud infrastructure design and implementation for both client and desktop environments. Contact Eli at enussbaum@kenokozie.com.

About the Author

Nic Samodurov is a Senior Consultant at Keno Kozie Associates and has over 16 years of involvement designing, building and managing IT infrastructures. His IT management and implementation experiences include many local, national and international legal firms. He has completed certification exams for the CISSP, CISA and CISM. Contact Nic at nsamodurov@kenokozie.com.
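The INFORMATION ACCESS section argues that the reach of a ransomware infection is bounded by what the infected user is allowed to write, and that fewer mapped drives help but do not change that bound. As an added example (not from the article or Keno Kozie Associates), the script below models a small firm's file server with constructed accounts, groups and share permissions, and computes the "blast radius" of one compromised paralegal account under the wide-open structure the article describes and under a least-privilege structure. Every path, group and user name is invented for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Share:
    path: str
    write_groups: FrozenSet[str]   # groups whose members may create or modify files here


# Constructed example firm: six accounts in five departmental groups. "Everyone"
# is implicit, as it is on a Windows file server.
GROUPS: Dict[str, Set[str]] = {
    "Accounting": {"alex"},
    "Attorneys": {"dana", "lee"},
    "Paralegals": {"pat"},
    "HR": {"sam"},
    "Records": {"rory"},
}


def share(path: str, *groups: str) -> Share:
    return Share(path, frozenset(groups))


# Policy 1: the "wide open" folder structure many small firms run.
WIDE_OPEN: List[Share] = [
    share(r"\\fs01\Accounting", "Everyone"),
    share(r"\\fs01\Litigation", "Everyone"),
    share(r"\\fs01\HR", "Everyone"),
    share(r"\\fs01\Records", "Everyone"),
    share(r"\\fs01\Shared", "Everyone"),
]

# Policy 2: write access only for the departments that need each share.
LEAST_PRIVILEGE: List[Share] = [
    share(r"\\fs01\Accounting", "Accounting"),
    share(r"\\fs01\Litigation", "Attorneys", "Paralegals"),
    share(r"\\fs01\HR", "HR"),
    share(r"\\fs01\Records", "Records"),
    share(r"\\fs01\Shared", "Everyone"),
]


def groups_of(user: str) -> Set[str]:
    return {g for g, members in GROUPS.items() if user in members} | {"Everyone"}


def writable_shares(user: str, shares: List[Share]) -> Set[str]:
    mine = groups_of(user)
    return {s.path for s in shares if s.write_groups & mine}


def blast_radius(user: str, shares: List[Share]) -> Set[str]:
    """Shares that malware running with `user`'s rights could encrypt.

    Mapped drive letters are deliberately not part of the model: as the article
    notes, a future variant need not rely on them, so the ACLs alone set the reach.
    """
    return writable_shares(user, shares)


def exposure(path: str, shares: List[Share]) -> int:
    """Number of accounts whose compromise would reach the given share."""
    everyone = set().union(*GROUPS.values())
    return sum(1 for u in everyone if path in writable_shares(u, shares))


if __name__ == "__main__":
    for name, policy in (("wide open", WIDE_OPEN), ("least privilege", LEAST_PRIVILEGE)):
        print(f"{name}: an infection on 'pat' reaches {sorted(blast_radius('pat', policy))}")
        print(f"{name}: accounts that can reach Accounting = {exposure(r'\\fs01\Accounting', policy)}")
```

Run against a real server the same two questions are what to ask of the exported ACLs: for each account, which shares does it write to, and for each sensitive share, how many accounts can write to it. The second number is the one that tells you how many phishing emails stand between an attacker and that data.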
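The TIME-SYNCHING section says centralized logs are only useful in "sequential order", which depends on every device agreeing on the time. This added example (not from the article or Keno Kozie Associates) merges constructed log lines from a firewall, a switch and a file server into one UTC timeline. The server logs in its local time zone and the firewall is assumed to be running five minutes fast; without correcting for that skew the VPN login that started the incident is sorted after the file damage it led to. The log format, device names, addresses and offsets are all invented for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample, one event per line: "<device> <ISO-8601 timestamp> <message>".
SAMPLE_LOGS = """\
fw01 2015-12-01T09:05:10+00:00 VPN session opened for user pat from 203.0.113.7
srv01 2015-12-01T03:00:15-06:00 interactive logon pat on WS22
sw01 2015-12-01T09:00:20+00:00 port Gi1/0/12 link up
srv01 2015-12-01T03:00:40-06:00 mass rename of files by pat under \\\\fs01\\Shared
fw01 2015-12-01T09:05:50+00:00 outbound connection blocked to 198.51.100.9:443
"""

# Measured clock error per device (device clock minus true time). NTP-synced
# devices have zero error; fw01 is assumed to be five minutes fast.
CLOCK_ERROR: Dict[str, timedelta] = {
    "fw01": timedelta(minutes=5),
    "srv01": timedelta(0),
    "sw01": timedelta(0),
}


@dataclass
class Event:
    device: str
    when_utc: datetime
    message: str


def parse_line(line: str) -> Event:
    """Split a sample line and normalise its timestamp (any offset) to UTC."""
    device, stamp, message = line.split(" ", 2)
    when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
    return Event(device, when, message)


def build_timeline(text: str, clock_error: Optional[Dict[str, timedelta]] = None) -> List[Event]:
    """Parse every line, subtract each device's known clock error, sort by true time."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if clock_error:
            ev.when_utc -= clock_error.get(ev.device, timedelta(0))
        events.append(ev)
    return sorted(events, key=lambda e: e.when_utc)


def device_order(events: List[Event]) -> List[str]:
    return [e.device for e in events]


if __name__ == "__main__":
    print("as logged (firewall clock fast):")
    for e in build_timeline(SAMPLE_LOGS):
        print(f"  {e.when_utc:%H:%M:%S} {e.device:5} {e.message}")
    print("corrected to true time:")
    for e in build_timeline(SAMPLE_LOGS, CLOCK_ERROR):
        print(f"  {e.when_utc:%H:%M:%S} {e.device:5} {e.message}")
```

The correction step exists only to show what skew does to an investigation; the practical fix is the one the article gives, which is to point every device at the same NTP source so the correction table is empty.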
