Lawyers and law firms have become the target of choice for hackers who are seeking information about our clients. It is a growing problem that jeopardizes clients’ (and our own) confidential data, and implicates a host of other risk issues (do you want to be the one to tell your client that its secret business plan is now viral because we were hacked?)
So I signed up for a program on cyber-risk issues facing law firms. I braced myself for horror stories about new types of sophisticated hacking designed to penetrate law firm firewalls. To my surprise, that was of little concern to the panelists. Rather, they emphasized that 99% of breaches of firm electronic data systems are the result of carelessness by lawyers and other employees. And this is compounded by the fact that smarty-pants lawyers don’t want to admit that they’ve been fooled by some guy sitting in his pajamas in his basement, so they don’t report it to their firm’s OGC or IT department.
It doesn’t take much effort to prevent a data breach. If each of us follows just two steps, we can eliminate a lot of it (and this is applies equally to your own personal computer usage):
1) Watch where you click. Don’t click on links in strange emails. Don’t accept “friend” requests from people you don’t know. Don’t assume that email purportedly from your credit card company, ADP, or even the IRS (which may not have your work email) is genuine. Indeed, as I was sitting listening to the program, I received an email from “Amazon” confirming the purchase of a new TV. I ignored it, then checked my Amazon account when I got home (no TV).
2) Strengthen your passwords. Strong passwords are critically important. The more characters the better; the more types of characters the better. A semi-decent hacker can crack a six-letter password in no time. In contrast, a 10-15 multi-character password can take years to crack. There are websites where you can type a password in and see how long it would take to crack. I don’t recommend entering a real password, but you can easily do an equivalent and see how adding one character takes the hack time from a matter of hours to years.
And lest you think hacking isn’t a real problem, many of us, of a certain vintage, remember quite well the dangers what could happen when a hacker gets into your system.