The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA
BEST PRACTICES

KEEP ON THWARTING
By understanding where dangers lurk, law firms can implement the protection that best suits them. Don't let cyberattacks affect your business — keep on thwarting!

Investigate insurance to transfer risks that can't be eliminated. For the risks that remain when your security protocols and systems are in place, insurance products are available to provide law firms with protection. Products vary widely, and many include consulting support during a breach and assistance with breach response activities (notifying affected parties, call center support, credit or fraud monitoring, etc.). Cyber-liability coverage is also available and is distinct from data breach coverage. Cyber-insurance typically addresses business interruption as a result of technology-related issues. This insurance provides liability coverage in the event your network infects or attacks another company's network or if your website is hijacked and used to spread malware. Contact your agent or carrier to discuss your needs and what your existing policies include.

or supplier has a security incident. For connections to networks with sensitive or protected data, consider multifactor authentication.

Hire or retain an information security officer. The cyberthreat landscape is always evolving, and the tools favored by hackers today will be replaced by something else tomorrow. It's crucial to your firm's security posture to be able to adapt to changing risks and respond to new threats. An experienced information security officer will understand how new security defense tools and policies will best fit into your firm's network, culture and budget. The role of information security differs from information technology (IT). Information security focuses on ensuring the confidentiality, integrity and availability of a firm's information assets.
The IT team generally enables business operations to be conducted quickly and easily through an array of hardware and software. On occasion, the goals of IS and IT might conflict, and a firm may have to balance ease of use and security. To ensure the best in security and technology support, savvy law firms will want to maintain a separation between these two very distinct roles. Depending on the firm size, the position of information security officer could be filled by permanent staff or by an experienced external contractor only engaged to the extent needed. Information security should not be an added task given to a current employee not trained and focused on security.

REQUIRE STRONG PASSWORDS. Employees should adopt complex, hard-to-crack passwords. This has become especially crucial as processing power has increased and online password cracking services have proliferated. Firms should mandate that passwords be at least nine characters in length; contain a mix of uppercase letters, lowercase letters, numbers and special characters; and be changed at least every six months. In addition, employ two-factor or two-step authentication when possible.

TRAIN YOUR EMPLOYEES. Even the strongest antivirus software and firewalls can't stop malware that has been "invited" into the network by an unwitting employee who clicks on a suspicious hyperlink or opens the wrong email attachment. Educate your employees on current threats and how to avoid costly mistakes. Regularly send employees security tips and reminders, such as using a different browser for "surfing" the Web than the one used for connecting to the time and billing system, to reinforce security standards. Employees should be trained to alert the helpdesk or information security officer if they suspect their login credentials have been compromised or if their smartphones, tablets or laptops have been lost or stolen.

DEVELOP AN ACTION PLAN.
An incident response plan gives everyone in the firm a road map for responding to a potential security breach quickly and correctly. Plans don't need to be exhaustive or even overly formal. Employees simply need to understand the risks, what events to be concerned about and what they should do if one of the events is observed. A good plan defines who should be contacted both inside and outside the firm if a breach occurs. To make a plan effective, practice it regularly.

DON'T BE AN EASY TARGET. Most attacks are opportunistic and require little effort, so make your firm a hard target. Use up-to-date versions of antivirus software. Patch your firm's programs when new security updates are released. Encrypt all sensitive information, especially on mobile devices. Have an assessment done by an objective third party to know your weaknesses and to close any gaps before an attacker finds a vulnerability. These are the most effective low-cost measures you can take to improve your security posture quickly.