The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
54 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2018 Protecting Your Law Firm: Two Experts Discuss Website and Data ASK THE EXPERT Still, many companies do not understand the importance of a budget for security. Protecting your data at work is like protecting your jewelry at home. Oen a hacker will not spend time going aer a difficult target and instead look for the company with the weakest security. If that is you, you are in trouble. Michael: Fortunately, 95 percent of security can be achieved through basic, inexpensive initiatives such as password policies. This allows law firms to allocate their security budget to the remaining five percent to thwart the most malicious hacking schemes. What are the biggest digital security threats that law firms face? Zachary: DDoS aacks are becoming more common. A hacker creates script that sends an overwhelming amount of traffic to a website, to the point where it can no longer respond to legitimate requests from customers and prospects. Michael: Social engineering aacks are also becoming more prevalent. Hackers learn or capture the identity and a few unique characteristics – like favorite sports teams – of a law firm's legitimate client and start phishing. They can then create and send emails from an extremely similar address, making it nearly impossible for the recipient to catch the difference. What does the future hold for digital security? Zachary: Digital security will see new developments in methods for proving you are who you say you are. Currently, authentication relies on the user's knowledge, like passwords, mother's maiden name or the name of your first pet. More sophisticated sites require two-factor authentication: combining a user's knowledge with a device they have, like a cell phone. We will continue to see greater uses of biometric authentication, where the required "password" is a fingerprint, faceprint or a voiceprint. Biometric passwords are unique to users, difficult to steal and much more convenient for the user. Michael: Dickinson Wright is implementing biometric authentication. We now use fingerprint scanners, which employees use to log into their computers. This relatively new concept comes with limitations; for example, some computers are not yet compatible with the scanners. Zachary: We will also see machine learning influence website logins. If the user comes from an odd-looking IP address, or logs in at an unusual time, the website will use risk-based escalating challenges to require higher levels of authentication. As technology progresses, law firms that follow the latest security advances will continue to protect their firms and their clients' data at the highest level. P2P We will continue to see greater uses of biometric authentication, where the required "password" is a fingerprint, faceprint or a voiceprint.