Cyber criminals see opportunity in the pandemic. Some exploit security vulnerabilities in remote working. Others prey on people’s fears by crafting phishing emails and malware-infected websites purportedly about the coronavirus.
You don’t have to be a security expert to fight back. We can all make a difference by following good security practices in our day to day work. These are five data security do’s and don’ts for everyone.
DO be patient – with technology, others and yourself.
Millions of employees suddenly have to learn new tools and work habits. Employers are struggling to support a newly remote workforce. Technology providers are straining to meet demand. It’s a recipe for frustration.
When we get frustrated or upset we’re more likely to take make mistakes or take security shortcuts. Instead, cultivate patience. We need to be patient when tools don’t work, organizations are over-burdened and people – ourselves included – are slow to master new technology.
DON’T forget to update privacy and security settings.
Technology helps us be productive and stay connected out of the office, but we have to use it responsibly. Cyber criminals will exploit any security vulnerability. Public settings on social media and collaboration tools leave the door open to trolls.
First, make a rough inventory of devices and programs you use for work: computers; smartphones and tablets; mobile apps; wireless router; smart (connected) devices like Wi-Fi enabled printers; VPN; cloud storage accounts; webmail; collaborative tools like Slack and Zoom; social media accounts. You may be surprised how long the list is.
Next, review and update privacy and security settings. Pay special attention to social media and collaborative platforms; they often default to less secure settings. Unlink accounts while you’re at it (Facebook doesn’t actually need to be linked to everything in your life).
Finally, revisit your passwords. Use strong, unique passwords for all your devices and accounts.
DO thank your information security team.
The security outlook was already grim before Covid-19. Companies and law firms of all sizes are under constant cyberattack. Ransomware is an ever-present threat. IT departments are short on staff and resources.
Information security is a difficult and stressful job, but it doesn’t have to be a thankless one. Take a moment to tell your data security team how much you appreciate their hard work.
DON’T fall for phishing, smishing or fake news.
A majority of data breaches originate in phishing emails. Other methods popular with cyber criminals are smishing (the text message version of email phishing), fake news links in social media and malicious websites. We are the weak link and there are plenty of depressing statistics to prove it.
By the same token, we’re the front-line defense. We thwart a cyberattack every time we recognize a phishing attack or social media scam for what it is.
Be on the lookout for warning signs:
- You don’t know the sender, or it’s someone you haven’t heard from in a long time and who has no reason to contact you.
- The message is out of character or the sender doesn’t usually send files or links by email/text.
- Content clues like missing or different signature block, spelling errors, grammatical mistakes, not the sender’s usual “voice.”
- The message violates the organization’s security procedures, chain of command, code of conduct, etc.
- It involves money in any way.
If an email or text might be legitimate but you have even the smallest doubt, verify first. For news, stick to trusted sites. Constant vigilance is essential. Cyberattacks directed at individual technology users are increasingly sophisticated and topical.
DO what you can where you are.
At the end of the day, it all comes down to doing what we can where we are. Following good data security practices for individuals is the baseline.
From leadership to participation, there are many ways to actively support your organization’s security initiatives. Approving a software purchase, raising the alarm about a possible security problem (even if it turns out to be nothing) and attending technology training webinars are just a few examples.
Are you tech-savvy or a remote working pro? Your colleagues need your help.
Cybersecurity is essential business for lawyers and legal professionals. We have an ethical obligation to safeguard clients’ confidential and privileged information. Moreover, clients – and potential clients – need legal counsel and practical assistance in cybersecurity issues.
Data security in the legal sector is both a duty and an opportunity to provide superior service. By educating ourselves about cybersecurity and following best practices, we can all help safeguard our own and our clients’ confidential information.