Peer to Peer: ILTA's Quarterly Magazine | Summer 2021
Issue link: https://epubs.iltanet.org/i/1388375

that hackers were able to inject malicious code into network monitoring software from SolarWinds on several government and Fortune 500 companies' systems. Earlier this year, a similar attack took place on Microsoft Exchange Servers. Once inside a network, attackers will wait until credentials can be stolen and then move on to other systems in the environment, attempting to compromise as many forms of data as possible.

In an increasingly online world where connections between systems are expanding by the minute, the potential for threats and malicious code to enter your environment is great. Devices used at home or during travel can become infected and spread to your network if not properly secured. The risk of data loss no longer falls solely upon your network. Laptops containing critical company data can be lost, stolen or broken, making the data much more difficult or impossible to recover even with proper backup solutions.

Technological Solutions

Extending a firm's information security to legal professionals' home networks can be accomplished partly through technological means. Key factors in securing home networks include:

• Setting up secure VPN tunnels to encrypt your sensitive data between remote devices and the information on your network.
• Ensuring remote access servers are protected with some form of two-factor authentication, such as Duo.
• Requiring the use of strong, unique passwords for each site or application with a firmwide password policy.
• Setting passwords on your home and office wireless networks and ensuring that the default password is never used. The default passwords for every brand of home wireless solution can be found publicly online, allowing full access to the network.
• Utilizing password managers, such as LastPass, which are great for centrally managing, generating and storing complex passwords in an encrypted format while only needing to remember one password to access them.
• Enabling device encryption technologies, such as BitLocker, to protect against malicious actors attempting to retrieve data from lost or stolen devices. In combination with a good password manager, the recovery keys can easily be stored and backed up.
• Deploying Mobile Device Management to ensure that phones and devices containing company data are secure with minimum security best practices in place, such as requiring PINs or passwords to access the device.
• Limiting the number of points of ingress and egress to your company by using firewalls and network segmentation. This limits the number of potential areas exposed to the internet and the varying array of threats.
• Implementing system-wide use of an anti-virus and anti-ransomware solution such as Sophos antivirus on both user workstations and servers across the organization.
• Partnering with an organization to provide your company with advanced vulnerability scanning and penetration testing to ensure your systems are in alignment with security best practices and are updated with the latest security patches.
• Making sure all security systems are up to date:
    • Use a modern, cloud-connected patch solution. This will ensure that devices which leave the office can continue to receive updates and security patches critical to keeping your data and privacy secure.
    • Ensure your workstations and servers are running a modern, supported version of their operating system, which ensures security updates will continue to be provided by the manufacturers.
    • Update your firewalls to the latest available software. Firewalls are the first line of defense against the various