- Get link
- X
- Other Apps
Law firms are attractive for cybercrime. The specific number of offices violated is not known, because failure to report is common, as this directly affects the reputation of the office. But, there are reliable indications that this is a trend and that it is growing every day.
Cybercrime interests can be to harm someone from the competition, publish confidential information, and even go as far as extortion. The damage is direct to our customers, our knowledge, and our reputation.
Before preventing this from happening in any law office, the first thing to know:
Specific risks in the sector. Cybercriminals look for the information that can most compromise us as law firms: confidential information about the affairs we handle, bank details, and our clients. The more compromised the data, the more value it has. What must be clear is that there will always be a business interest to obtain an economic goal.
Where does the vulnerability lie? There is no perfect security. There are always technical loopholes, updates, and tools that can be implemented to better secure computer systems. But the human component is the main vulnerable factor in cybersecurity, it is the entry point for cybercriminals to offices. It is not necessary that the person who knows about IT is the vulnerable, such as the systems administrator, but any employee, manager, treasurer, or person who has access to case management, clients, key contacts within, can be objective.
How should law firms avoid this information leak? It can be avoided. The first thing, as the human factor is the most vulnerable, as well as those who are inside and those who will become part of an office, is to train people and make them feel part that the main factor of safety begins with themselves. Their own behavior, not just whether we send a message or not. The safety hygiene that they must have when handling that information, especially guidelines that must not be ignored.
Who should we turn to if we are victims? To people who are experts in the computer squad to do a behavior protocol. But I want to make it clear that neither the police nor any computer expert is going to give you the solution to the problem of information leakage. It only serves to know, if it is possible to know, who is the author of that interference. In no case, no institution will protect you from information failures.
What to do? The moment a crime occurs, it must be reported. Another thing is that companies for not damaging their reputation, do not do it. But it must be communicated, at least within the company, to find out if there are more victims.
But I want to make it clear that neither the police nor any computer expert will give you the solution to the problem of an information leak. It only serves to know, if it is possible to know, who is the author of that interference. In no case, no institution will protect you from information failures.
Internal Document Management Policies
To protect the information that we have stored on our computers, the cybersecurity and cybercrime expert gives the following 5 tips:
1. Private Server.
I know there are other alternatives and I am not talking from a business point of view, but having a dedicated private server is essential. That is a server where we host the preferential information and, hopefully, it is a national one, not one that is abroad. First, by having some confidence in who is treating the data; Knowing if it is someone who has an office or who works from their home garage is important. Second, that it is a server that only we use, even if it is not a large amount of information; If we are sharing it with other companies, we may not be the target, but we are one of the companies with whom we share the server; therefore, someone can enter to take someone else's information and incidentally take ours.
2. Rapid Emergency Protocol.
I don't mean to say that you have to have a 300-sheet manual. But yes, a person who is responsible for collecting the information and who is clear about what to do in the event of cybercrime. If I am an employee of the firm, and someone sends me an email with an attempt to scam, I get scared and delete it, without knowing that the evidence or any trace or vestige of a crime should be preserved. This person in charge should be the interlocutor between the forensic expert or the police to know what data to use. And you should be aware that you should report when someone pretends to be a financial institution, if they want to sell us a project, if they send us an infected document, or if someone wants us to make a money transfer, because the office wants to open a new line of business, something secret for everyone, so we only have to talk to the boss. These are very elaborate scams, looking for the right person, who they already know well, and who they have been talking to.
3. Have Two Distinct Networks.
This means that we have an internal network of ours, to pass the information between the corporate computers in the office and another with the outside world. The first is a network where I have my clients' information because it is confidential. From that network, I will not go abroad, such as connecting to Facebook, or Gmail, or to any service that can send me a virus, as it can compromise security. And from that isolated Wi-Fi network, no data will enter or leave. If you need to send an email that is from corporate email, duly encrypted and with keys. This is what I call security hygiene since it is useless to have everything encrypted if you open Gmail from that computer. In the external network, I will not enter any data, nor will I open any mail that does not come from corporate mail, and I have my system secured to detect threats. If there is no contact with the outside, this information will never get out of there. You have to be very strict in this type of behavior.
4. Backup and Update
It has to be stored on a secure device, hopefully, a hard disk connected online to the network, in order to program it and automatically make backups periodically. This copy is for confidential information only, not from any computer we use at the company. Also, you need to update your operating system software and antivirus for security protection.
5. Do Not Carry Confidential Information on Your Cell Phone.
You can have an encrypted USB so that in no way someone takes the confidential information on the cell phone to continue working at home. Because on the cell phone we are exposed to external threats that constantly move. Another alternative would be to have two cell phones, one person because we can download applications that are malicious to which we are giving all our confidential information, or we can connect to public WiFi networks. And another for work, with information only from our clients and with corporate and secure applications. But beware of losing your corporate cell phone.
In conclusion, it must be said that by keeping the information isolated many problems can be avoided. Finally, it must be said that what is spent on the IT item is not so great and is always in proportion to what we want, our data and our confidential information. And it should not be thought of as an expense, but rather it is an investment. The fact that our information is secure and controlled by us at all times.
Comments
Post a Comment