In the last week there have been a number of high-profile cyber attacks and theft of data from law firms, resulting in the loss and disclosure of confidential client information. In light of these recent attacks, OWL’s Services Team wants to remind you of five straightforward security practices that can immediately improve your firm’s security posture and help reduce potential attacks:
1. Replace outdated equipment and operating systems
Replace any outdated equipment, devices and operating systems (OS) which are no longer supported by the manufacturer, as they do not receive security updates and may be vulnerable to attack.
2. Patch your software
Ensure that all vulnerability and security updates to software and devices within your infrastructure are current. Manufacturers provide patches when vulnerabilities become known. More often than not, these vulnerabilities are also known and published on the open Internet, accessible to those who wish to misuse them. By not applying patches, your organization becomes a potential target.
3. Use complex passwords and update them regularly
Most firms’ password policies do not meet industry best standards: they are insufficient in length and complexity and may be easily guessed or cracked. Additionally, many organizations do not enforce password changes after 90 days. The reuse of old passwords as well as the use of the same password for multiple systems can also be a weak link. While enforcing these policies can be inconvenient to most users, hacking passwords is a tried and tested way into a firm’s network.
4. Carry out regular Penetration Testing and Security Assessments
Regularly engage outside consultants to assess your firm’s security posture and carry out penetration testing of your network and devices. While internal teams can be extremely proficient in protecting your firm’s confidential information, using proven outside providers offers an independent view of your firm’s risk profile.
5. Encourage defensive cyber behavior by your firm’s partners
The most senior partners at any firm are statistically the most susceptible to spear phishing and other sophisticated efforts to bypass cyber defenses. Time is particularly short for these people, which attackers understand and exploit. While following best practices such as not clicking on email links or waiting for the “all clear” from a security professional to open attachments may not always be convenient, they help insure that you avoid becoming the next victim.