October was Cybersecurity Awareness Month, but every day we should be aware of the potential threats that exist while using technology. The following is an interview with Alvin Margallo (AM), IT specialist at a Silicon Valley law firm. This interview covers some cyber security basics, and risk avoidance practices that could be implemented both in the home and in the office.
What is the biggest piece of cyber security advice you would give to everyday tech users?
AM. Like many things in life, human factor is the weakest link. The importance of being aware of unexpected or unusual emails entering your inbox, or other suspicious activity is key to being safe online. It is also advisable to have different passwords for online accounts to decrease the rise of threat actors accessing all your information in one fell swoop.
What are the main cyber security threats to a law firm?
AM. Without a doubt, data theft and threat actors.
What measures can be put in place to keep attorneys and staff secure at work?
AM. Strive to have all the virus ransomware and malware protection to control what you can to be secure. In addition, ensure systems are actively monitored to catch suspicious activity. All employees should have a work email address with security features in place to catch spam, malicious files, and questionable links. Ensuring that spoofing, imposter, and phishing emails are caught is essential. Insist that people avoid using personal storage devices at the office as the devices may contain unknown and damaging content. Accessing personal email from work should be forbidden as it can create a back door for threat actors.
With the ever-unpredictable Covid-19, how can people who work from home ensure that they remain cyber secure?
AM. Employees that work from home should have access to a digital workspace that requires two factor authentication, and all data should be encrypted in transit and at rest. Protected software and work documents accessed out of office are recommended to be saved onto the cloud as opposed to local devices.
Law firms obviously have access to significant amounts of client data and personal records. How is this protected?
AM. Protecting client data is top priority. One way to protect a client’s data is to utilize a cloud hosting provider that stores the information in secure locations across the country. Data ought to be encrypted in transit and at rest, backed up and managed by a specialized team whose role is to monitor systems. Access to in-office technology should require complex passwords and two factor authentication. Transferring files from client to law firm should be done through a secure file sharing system. That way, files are encrypted in transit and at rest and ensures that a client’s private documents do not have to be exchanged through email.
What can we do to ensure that technology systems stay up to date?
AM. Cloud hosting providers and SaaS companies are constantly improving and evolving where it may be necessary. Their suggestions should be taken seriously and implemented as a firm may see fit for their specific needs.
In a nutshell, technology is ubiquitous and protecting ourselves from a digital crime at home and at work requires constant vigilance. Regardless of the data protection systems you may have in place, awareness to unusual activity when using technology is essential to remaining safe and secure online. Law firms must remain up to date with the most current technology systems and protections to do their utmost to protect clients’ confidentiality and data.