Is Your Law Firm As Secure As You Think?

Is Your Law Firm As Secure?

Studies show that a majority of legal firms are confident in their cybersecurity – but does that mean they’re actually secure?

The legal industry is facing its most challenging obstacle to date and it’s not from their opposition – these attacks against law firms are coming from hackers.

That’s why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.

“[…] cybersecurity practices at law firms are generally not very strong,” said Eli Wald, author of Legal Ethics’ Next Frontier, Lawyers and Cybersecurity to Logikcull . “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”

Why Are Law Firms Targets For Cybercriminals?

In a nutshell? Because of all the data you store about your clients.

“Law firms are the subject of targeted attacks for one simple reason,” says John Sweeney, LogicForce President. “Their servers hold incredibly valuable information.”

Wald agrees – not only do law firms collect a lot of data, but they tend to only collect the more important (and therefore, most valuable) data on their clients.

“Law firms and lawyers collect from their clients and handle very valuable information,” says Wald. “Rather than collect every piece of information that our clients possess, we tend to seek out in the context of representing our clients, and in order to effectively represent them, the important information that pertains to the representation.”

That’s why firms like yours are key targets for cybercriminals. The question is – what are you doing about it?

How Are Legal Firms Addressing Cybersecurity?

As of a few years ago, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach – and cybercrime is only expected to grow, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023.

According to a recent study by the American Bar Association (ABA):

  • 75% are using some anti-virus software.
  • 58% of responding firms are using a firewall or anti-phishing software.
  • 33% are using email encryption software.
  • 25% are using device encryption software.
  • 17% have some directory security in place.
  • 25% have an employee training program involving cybersecurity.

5 Ways To Enhance Your Cybersecurity

1. Two-Factor Authentication
Two-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior.

By requiring a second piece of information, you’re better able to make sure that the person using your logging in is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

2. Encryption
In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”.

3. Access Monitoring
In addition to encryption, the client data you store should be protected from unauthorized access:

  • Firewalls
    A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
  • Intrusion Detection
    You need to keep an eye on unauthorized attempts to access your data. Whether they’re successful or not, attempts at access can tell you more about how cybercriminals are trying to reach your data.

4. Password Best Practices

  • Length and Complexity
    Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out.
  • Numbers, Case, and Symbols
    While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  • Personal Information
    Many users assume that information specific to them will be more secure – however, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
  • Pattern and Sequences
    “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

5. Avoid Dangerous Emails
No matter who the email is from or what it’s about, always exercise caution when it comes to clicking on a link or downloading an attachment:

  • Be wary of malicious attachments in email messages. They may contain malware that can infect your computer.
  • Check to see who the real sender of the message is. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors like jsmith@wellsfarg0.com.
  • Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, this is probably a phishing threat.
  • Use an email client that scans attachments for malware, and never autorun an .exe file you’re unsure about.

This is a lot to handle on your own right? That’s where a knowledgeable IT services company can be invaluable. One that is more than just computer technicians, but a team of IT professionals who know and understand the unique security concerns of law firms. They can help you develop a cybersecurity plan that is ready to defend you against hackers.

Like this article? Check out the following blogs to learn more:

The New Ways Cybercriminals Pose a Threat to Organizations

Are You Keeping Up With FINRA’s Cybersecurity Best Practices?

Using Managed IT Services to Save You Money

A Law Firm’s Guide To Managed IT Services

 

 

Technological downtime can make or break a law firm. Even an hour of downtime can cost a small or medium firm as much as $250,000.

 

What Exactly Can Go Wrong?

Unfortunately, Murphy’s Law has been known to apply in legal cases, meaning if there is an opportunity for things to go wrong they will. It is important that your firm has a dedicated professional, our team of professionals, either inside or outside the firm that can honor your firm’s confidentiality and keep potential problems at bay and/or under control. Some potential issues include

 

Case Management Issues

Filing is most efficient when stored electronically. They manage related documents, billing, and customer relationships

 

Security Problems

Reputation is everything for a law firm, and that extends to the attorneys and other staff at the firm. Still, even with so much on the line, the American Bar Association found that as many as a quarter of firms did not have security policies in place. Nothing puts a damper on a firm’s reputation, or even on specific lawyers than a security breach,

 

Compliance Issues and Software Integration

Various industries and professions have their own set of confidentiality agreements, that any legal team that works with the company needs to follow in order to protect clients, consumers, and any others involved. Some of these include Health Insurance Portability and Accountability (HIPAA), the Gramm-Leach-Billey Act of 1999 (GLB) and the Sarbanes-Oxley Act (SOX). Following these privacy acts means that legal professionals are prevented from disclosing information. The same discretion needs to translate to technology compliance. It is necessary to have software in place that can handle this responsibility, and see to it that attorneys and anyone else with access can run any necessary software correctly and efficiently without violating compliance standards.

 

Internal Collaboration

Internal Collaboration is an issue that needs constant monitoring due to the way social media quickly evolves. It is common for attorneys to use the internet for communication, however, it is less common for them to communicate internally about a case, which would make their casework more efficient. The right social media integration can help improve communication and make casework more thorough and efficient. Salesforce, customer relationship management solutions are a common tool used by attorneys and their firms in order to produce better results for clients.

 

How a Managed Service Provider Can Help

Proactive and Regular Maintenance at a fixed can cost can help with all these issues by applying the knowledge to give your firm or business the right IT infrastructure that will support your needs. That means that attorneys and other employees will receive the training they need to serve your clients confidently and safely. if you have an existing system in place, we can analyze what you have been doing so that any necessary changes can be quickly set in motion.

 

While we at the {company} manage your system remotely, we are still there remotely to answer questions remotely that will improve customer relations and overall productivity. To learn more about how {company} can help your firm contact us today.

Tech Competence and Attorneys: New Changes You Need To Know About

 

If you are a lawyer or if you are hiring a lawyer, technology competence, often shortened to tech competence, is a term that you should be aware of. Recently, changes have been recommended in regards to tech competence and attorneys. Here is everything that you need to know about this topic.

 

What is Tech Competence?

 

Lawyers have always had a duty to be competent in the areas of law they practice. However, in 2012, the American Bar Association made a change to the Model Rules of Professional Conduct. The change being made was to make it clear that attorneys need to take steps to be competent in regards to technology. This change stated the lawyers need to stay competent in regards to the benefits and risks associated with technology that is relevant to their firm and line of work. Each state was free to adopt or reject this change, and to date, 36 states have adopted this change.

 

What New Changes Have Been Recommended in Regards to Tech Competence?

 

A committee met and issued a report in February of 2019 that recommended revisions be made to the current Rules of Professional Conduct in regards to technology. The changes that the committee recommended making were designed to make it clear that it is an attorney’s job and legal responsibility to ensure that they are competently representing their client. The changes that are being recommended to ensure that law firms and lawyers understand that this duty reaches into the technology that they use. The committee wanted to make it clear that it is a lawyer’s duty to ensure that client information is confidential, and as such, they are responsible for protecting against unauthorized access. Unauthorized access can occur if a database gets hacked or emails are intercepted.

 

The committee designed with making changes issued its report in February of 2019. The public was given the opportunity to comment and provide feedback through April 19, 2019. Currently, the recommendation is being reviewed by the D.C. Bar Board of Governors. Ultimately, they will decide if the recommendations should be passed on to the District of Columbia Court of Appeals, who ultimately sets the rules of practice within the District of Columbia.

 

IT Services Law Firms

 

How Can Your Law Firm Ensure You Are Meeting the New Guidelines?

 

While the changes in regards to tech competence and lawyers have not yet been approved, it is expected that it will be. It is also expected that many of the 36 states who adopted the tech competence changes will follow the District of Columbia’s lead and adopted these rules. As such, you may find yourself wondering what this means for you as a law firm, lawyer or individual or business looking to hire a law firm. If you are a lawyer or law firm, you need to ensure that you are taking steps to protect any personal client information. You need to ensure your website is secure, that you are sending all confidential emails in an encrypted manner, and take steps to ensure your cloud is secure. As a client, you want to ask law firms what steps they have taken to ensure the technology they use is secure.

 

As technology advances, new changes will likely be made to tech competence and the way it impacts attorneys and law firms. Being proactive and ensuring the technology you use is secure is the best way to meet your requirements under the new guidelines.

What Is Technology Competence

 

According to the LawSites blog, as of this writing, there are 36 states that have adopted the ABA’s updated Model Rule 1.1, which states that lawyers should maintain technology competence. The rule is purposefully vague to allow for the constant changes in technology that the legal industry is encountering. Unfortunately, the vagueness can create some anxiety for lawyers who want to meet the requirements of the rule. What does the ABA mean by “technology competence”, and how can lawyers achieve competence?

 

 

To better understand the expectations of the ABA and the states embracing its rules, it is necessary to take a closer look at how technology has impacted legal representation and ways that it can improve a lawyer’s practice.

 

Your main goal as a lawyer has always been to represent your client to the best of your ability. It was once enough to be knowledgeable in your legal area to ensure competent representation, but skilled representation today also means being able to use technology to improve efficiency, security and ideally the results you get for clients.

 

Technology Competence—The Basics

 

Update to ABA Model Rule 1.1

 

To get a grasp on what technology competence means for you and your practice, it is helpful to read the updated ABA rules:

 

Maintaining Competence

 

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

 

As you can see, the rule is not terribly specific about what it means to be competent in technology for a lawyer. It states that you should, “…keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” However, if you consider what the relevant technologies are in law—and their benefits and risks—you can get a clearer idea of how to approach tech in your own practice.

 

Relevant Technology in Law

 

There are some technologies that are quite relevant to the practice of law and are being used by lawyers across the country and the globe. These include:

 

Electronic Discovery

 

Discovery has always been the backbone of case building, but electronic tools have increased the power and efficiency of the discovery process in numerous ways. These tools allow for more comprehensive preservation of information, more thorough review of information and faster production of information. Failing to leverage electronic tools in the discovery process is doing clients a disservice.

Law Firm Technology Competence in USA

 

Internet Investigations

 

You do not have to be a professional internet investigator to get a lot of benefit out of internet searches. Just being able to do simple internet searches for information can make the investigation process faster and more thorough than it otherwise would be. There are also numerous tools available online for conducting investigations.

 

Cyber Security

 

Considering that most of the information you obtain for clients and from clients will be digital, it is incredibly important that you take basic cyber security measures to protect that information. From hackers looking to blackmail victims to government agencies reviewing every bit of information they can get their hands on, there is a multitude of actors who can target your data and compromise your practice.

 

Understanding the Technology Used by Clients

 

The clients you represent are using technology in a myriad of ways. You need to have a basic understanding—or possibly a much more in-depth understanding—of what tech they are using and how they use it. That means educating yourself not only on legal tech but also on any tech pertinent to your clients and their legal needs.

 

Courtroom Technology

 

There are a variety of tech tools that can make you more effective in the courtroom. They can help you better organize, present and explain information to your audience. Every little advantage you can get can make a difference when presenting your case.

 

Legal Technologies that Make Business Easier and More Efficient

Many legal technology tools are fairly mundane, but that does not make them any less useful. You can leverage them to provide your legal services with less work on your end. File sharing, automated document assembly and electronic court scheduling are all useful.

 

Using Technology to Better Serve Your Clients

 

Your ability to serve your clients is improved in many different ways through technology competence. While it may take time and effort to improve your competency, the benefits of doing so can be significant for both your clients and your practice.

 

To learn more about legal technologies that might benefit your firm, please contact our managed IT services team.

What Technology Should Small Law Firms Choose

 

It is questionable whether there is any industry today that has not been forced to adopt new technology to remain competitive. But for small law firms, the need to utilize technology appropriately is necessary for more than just competitiveness—it is actually being increasingly pushed by jurisdiction. In just the past few years, the ABA Model Rule 1.1 went through revisions so that the rule now states that attorneys need to maintain a certain level of competence with technology, and 36 states have adopted the revised comment to Rule 1.1.

 

 

With technology competency becoming a standard for practicing attorneys, it is clear that every law firm needs to do what it can to incorporate technology into their practice. What this adoption will mean may vary somewhat from firm to firm, but the general push should be to meet the standards of the industry in all possible areas. For many firms, that will mean making some changes.

 

Technology for Small Law Firms—What You Need to Know

 

Where you and your firm sit on the technology spectrum may be far different from another attorney or another firm. You may have already taken significant steps to incorporate technology tools into your operation. You may have been doing things the same way for decades and only be interested in making the minimal changes to comply with changing professional expectations. Or, you may be somewhere in the middle. The following tips are meant to serve as a starting point on how to identify where changes need to be made and to make those changes as efficiently as possible.

 

Set aside time for research and the adoption of new technology.

 

For most lawyers, time is at a premium. Between courting new clients, keeping up with legal changes, researching cases, preparing and filing documents, traveling and doing all the other things required for you to run your firm, you are probably quite pressed for free time. However, you are also adept at measuring the workload of new projects and making time for those projects—which means you have the ability and aptitude to make technical changes to your firm. You just need to remain aware of what you are getting into and set a pace that fits with your circumstances.

 

If you do not want to do all of the work yourself, you can also delegate or outsource it. Whether you assign duties to employees, hire an IT services company familiar known for servicing law firms, or both, you can accomplish a lot when you share the workload.

 

Learn what it means to be technically proficient as a law firm.

 

You may already have clear ideas about the changes you need to make. But if you aren’t, consider doing some research on legal tech today. There are books available that discuss legal tech for small firms and there are plenty of websites that do the same. Educate yourself on what a technologically savvy firm looks like today so you can see where your firm is lacking and where you should aim to be moving forward.

 

Areas to research include:

 

  • Document management
  • Time and billing software
  • Legal practice management software
  • Collaboration tools
  • Security technology
  • Mobile technology
  • Potential technology certifications available

 

Conduct an assessment of the technology your firm uses.

 

Once you have an idea of what the expectations for legal technology use are in today’s environment, you can conduct an assessment of your firm to see where you are and what changes you need to make. Identify what technology you currently use for various tasks, determine what changes need to be made, if any, and then make a plan to facilitate those changes.

 

Prioritize technology adoption.

 

Ideally, you could make all the changes you need to make simultaneously. But if you do not have the time, resources, or assistance to make all those changes possible right now, you will need to prioritize which are most important. Your priorities will be based on the specific goals of your firm. For example, e-filing is becoming an industry standard for law firms. If you are still using mostly paper, moving into an e-filing system will probably be a big priority. That may mean purchasing a scanner to digitize your existing documents, as well as implementing an e-filing system for your firm to use moving forward.

 

Consider Partnering With A Managed IT Services Company.

 

Most small firms do not have the resources to employ a dedicated IT department. Managed IT services offer a way to take advantage of technical proficiency and skill sets as you need them—like when you need to do a technology overhaul on your firm. You can get the assistance you need from professionals so you can focus on running your firm.

 

If you would like more information about managed IT services for your solo practice or small law firm, please contact us.

How Can Law Firms Use Microsoft Office 365’s E-Discovery Capabilities?

 

 

According to the American Bar Association, it is crucial for attorneys and e-discovery professionals to define the rules of engagement instead of leaving those details to the IT department. Attorneys are being held to much higher standards of knowledge when it comes to technology, especially in terms of electronic discovery. ABA Model Rule 11 states that attorneys bear a duty to provide competent representation for their clients, and translated into today’s language — that means a firm understanding of technology and all of the various implications. Fortunately, there are advanced tools already built into Microsoft Office 365 that can help support the needs of law offices as they create a proactive e-discovery strategy for their offices and for their clients.

 

E-Discovery in a Digital World

 

E-discovery is increasingly complex as you bring globalization and mobile platforms into the conversation. The ability for mobile phones and tablets to access even the most sensitive personal and legal data is an ongoing challenge, not to mention the ability of clients to easily share information that should have remained confidential. SMS text messages, social media chats, in-app notes — these types of interactions must all be appraised for potential inclusion in legal matters in the future. However, the information that is shared between attorneys, clients and other external parties can be more easily managed with tools from Microsoft Office that are already available to your e-discovery team.

 

Advanced Document Analysis in Microsoft Office 365

 

The electronic discovery tools available in Microsoft Office 365 are increasingly detailed and include the ability to identify content that is a near duplicate, perform predictive coding and consolidate information across email threads. While you may still need a dedicated e-discovery platform for more detailed analysis, Microsoft’s cloud-based productivity platform has many advanced features baked into the base functionality. Microsoft has been boosting their e-discovery chops with additions to the platform that will provide professionals with more of the tools that they need to wrangle and report on data and communications that will impact their various cases. Massive regulatory cases are not the only ones whose outcome may depend on a single email — there are also thousands of smaller cases that can be solved more quickly and accurately with access to the correct information gained through intensive e-discovery.

 

Collecting and Preserving Crucial Electronic Data

The ability to easily share information is a boon for attorneys and clients alike, as people are increasingly ready to work from remote locations and while on-the-go. Law offices must take additional measures to ensure the security and consistency of data due to these additional pressures, and Office 365 can create clean transfer records across various mobile platforms, desktops and email. Attorneys and their staff must have a firm understanding of the flow of information throughout their various systems to take full advantage of the ways they can collect and preserve this crucial electronic data.

 

Investing in advanced e-discovery software may be necessary, but there are many ways that law offices are able to streamline their data structures and workflow by leveraging the advanced functionality that is already available within Microsoft Office 365. Speak with your local technology professionals to better understand Microsoft’s options for improved security and deeper data insights.

Should Law Firms Start Their Own Podcasts?

 

 

Podcasts are huge these days. Popular podcast Serial has been downloaded millions of times and has become a pop culture phenomenon right alongside other “did they really do it” series like Netflix’s Making a Murderer. Podcasts are also used for informational and educational purposes. NPR offers its programs in podcast form so users can listen at their own pace. They’ve even developed programming that doesn’t broadcast on the radio. It only exists in podcast form.

 

The podcast has arrived, and it doesn’t appear to be going anywhere anytime soon. The question for law firms, as with any new tech innovation, is whether developing a podcast for the firm makes sense. We believe creating a podcast can be a powerful, memorable branding tool. Here are a few reasons why your firm should consider starting one.

 

A Branded Podcast Builds Credibility and Engagement

 

The problem most law firms face isn’t competence. The process of becoming a lawyer usually takes care of this. The problem firms face is getting their name out into the community effectively. You want to communicate that you’re competent and successful but at the same time approachable. Much of law firm advertising veers far in one direction or the other. You see “prestige” billboards that may communicate “you can’t afford me” to a good portion of the community, and you see cheesy TV commercials that communicate “we’re not a serious firm” to another portion of the community.

 

Creating a podcast is a low-cost, low-effort way to engage with your community. You can communicate in a down-to-earth fashion by just being yourself. You can use a podcast to indirectly convince community members of your ability and skill, and you can disarm the negative notions that can come from prestige advertising.

 

It’s an Inexpensive Advertising Tool

 

Another advantage of podcasting is cost. It’s very inexpensive to produce a podcast, and it costs nothing to host it. All you need to produce it is some simple audio recording equipment and a topic that you can discuss. Hosting a podcast is a simple affair using a hosting tool like Libsyn. Hosting tools like this one will automatically publish your podcast to iTunes and all the other major podcast services. Once your content is published, you can promote your podcast using your existing social media channels through both regular and paid posts.

 

Compare this to the costs of producing video for social and the costs of traditional advertising. To produce social video, you’ll have to invest in video recording equipment. If you want a quality product, you’ll probably end up having to hire a video production group to produce them. Then, consider traditional print and TV advertising. The costs are astronomical compared to the costs of producing a podcast.

 

It’s an Attractive Alternative to Video

 

Let’s be honest: we don’t all look like the beautiful pretend lawyers on Suits. Even if you are blessed with great looks, you may not be comfortable in front of the camera. If video makes you look shifty, insecure, or nervous, you’re not helping your firm’s advertising efforts. Focusing your efforts on a podcast avoids the difficulties and aesthetic concerns that come with video.

 

The other issue with video is that they need to be short. Videos, especially in advertising, need to be fairly “snackable.” Podcasts, on the other hand, can take a deeper dive. People often listen on their commute or at the gym, so they are looking for content of a certain length. Going deeper on a given topic is one way to reaffirm your credibility, too.

 

Getting Started

 

If you’re ready to start a podcast for your firm here’s a brief guide to the steps you need to take.

 

Equipment

 

You can record audio using the internal microphone on your laptop, but it won’t sound very good. Invest in a midrange USB microphone, like the Snowball or Yeti from Blue. The difference in sound quality will astound you. You can easily record one or two people around a microphone like those. If you plan to invite more than one guest onto your podcast, you may need an additional microphone.

 

Software

 

If you’re recording only one microphone, your software needs are simple. Free recording and editing programs like Audacity for PC and GarageBand for Mac will do just about everything you need. Call Recorder for Skype is an inexpensive Mac app that will simplify things for you, too. We recommend starting with this simple setup before exploring multi-mic (multi-track) recording. Once you’re familiar with the basic principles, you’ll have an easier time scaling up.

 

Topics and Launch

 

All that’s left is to come up with some topics and get going. Choose topics community members are likely wondering about and answer whatever questions they may have. This is a tool for getting clients in the door. Choose topics that offer as much value as possible, topics people will want to listen to.

 

All that’s left is to launch. Hit record, start talking, and publish!

Password Management: What Lawyers Must Know

 

 

Passwords are a problem. In one sense they are exactly the opposite of what they should be. They’re hard for users to remember but easy for intruders to guess or steal. The user frustrations with the current system make it ripe for abuse, and that’s exactly what’s taking place every day.

 

The best solution for lawyers and law firms alike is to implement a password management utility. We’ll take a look at that solution after exploring the nature of the problem in greater depth.

 

The Problems with Passwords

 

Can you even count how many digital sites and services you’re required to log in to with a username and password? Most people have upwards of one hundred. It’s challenging, if not impossible, to keep them all straight without some kind of assistance. People usually resort to one of several very insecure methods to solve this. One of the most common is reusing the same username and password on multiple sites.

 

Password Reuse Is Easy but Dangerous

 

Security professionals will tell you that reusing passwords is dangerous. This is because when (not if) your credentials are captured or stolen on one site, you become vulnerable on every other site that uses those same credentials. The problem here is that it’s just so easy to reuse passwords, especially on accounts we don’t consider to be sensitive in nature. Nearly half of security professionals themselves admit to reusing passwords, even though they know firsthand the dangers of doing so.

 

Strong, Unique Passwords Are Too Hard to Remember

 

If you’re not supposed to reuse passwords, then what should you do? Ideally, you should create a strong, unique password for every site. Each one should be lengthy (the longer the better) and should contain a mix of lower and uppercase letters, numbers, and symbols. The longer and more complex the password, the harder it is for a computer to crack it. People won’t be able to guess Gbje23+3zp?$T0n very well at all.

 

The problem with a password like Gbje23+3zp?$T0n, though, is obvious. You’ll have a tough time remembering even one of those, let alone a hundred.

 

Experts will suggest other tactics, like turning a familiar phrase into a password. “Four score and seven years ago our fathers brought forth a new nation” could become “4s&7yaoFbfaNN”. This method uses the first letters of each word (along with numbers and symbols where appropriate) to create a passcode that’s nearly inscrutable but that’s easier to remember.

 

This method helps, but it doesn’t scale well. It’s true you’ll have an easier time reproducing that than the previous example, but you’ll still have a tough time replicating that a hundred times over.

 

The Solution: Password Management

 

The best solution to the password conundrum is using a password management utility. Setting up a password management utility isn’t difficult, and putting one in place greatly increases your digital security. Once you’ve set up a password manager, you don’t even need to remember all those passwords. You just have to remember one.

 

How Password Management Tools Work

 

Password managers are programs or apps that function as a digital safe, or a digitally encrypted locker. All your passwords are stored inside the safe. Password management tools will also help you create long, complex, unique passwords for all your accounts. Some can even do this automatically once you supply your existing credentials.

 

With a password manager, it’s easy to maintain a different complex password for every account, because you no longer need to remember those passwords yourself. You just need to create and memorize one very strong password for the password manager itself.

 

Once you’ve set up a password manager, it will autocomplete the login fields on most websites. For the few that don’t auto-populate, you can access a database of your account credentials and copy and paste the proper credentials into the corresponding fields. All the major password managers also offer some degree of integration with both iOS and Android. Your passwords remain accessible, yet secure, on your mobile devices.

 

The Security of Password Management Tools

 

Password management tools stake their reputation on their security. They aren’t perfectly secure—nothing is. The Washington Post notes some of their flaws. They are, however, a vast improvement over most people’s current password practices. No one gets access to your vault without your master password, and hackers won’t get that password from the utility makers since they don’t store your master password anywhere. There’s no database to be hacked.

 

On that note, make sure your master password is itself long and complex. Consider using the “familiar phrase” tactic described earlier.

 

Conclusion

 

Lawyers have an obligation to keep their digital accounts secure. Doing so manually is difficult if not impossible. Implementing a strong password management solution is the answer. If you have more questions about implementing a quality password management system for your law firm, we’re here to help. Contact us today to discuss the options available.

Why Reusing Passwords Is A Horrible Idea

 

 

No matter your profession, reusing passwords is a horrible idea. It’s dangerous and insecure. Reusing passwords is especially problematic for those working in fields like law, ones that require confidentiality in one form or another.

 

Many people already know that reusing passwords is unsafe, but they do it anyway. One recent survey conducted by Lastline revealed that nearly half (around 45%) of information security professionals polled admit to reusing passwords. These people get paid to work in information security, and yet they don’t follow some of the most basic protocols for keeping information safe.

 

If anyone should understand the dangers here, it would be information security professionals. You’re likely not an information security pro, though, so let’s look in greater detail at why reusing passwords is so bad.

 

A Broken System

 

First, cut yourself a little slack. The internet password system is inherently broken. Most people have well over a hundred digital accounts. These range from the seemingly trivial (paying a utility bill, “store insider” loyalty programs, and the like) to the vitally important (banking, proprietary business accounts, and so on). Each one requires a username and a password. To make things worse, many sites require a mix of characters (capital and lowercase letters, at least one number, and at least one symbol). Some sites won’t accept all the special characters, and various sites won’t even agree about which special characters are acceptable!

 

Cheating Ensues

 

Most people can’t easily memorize one hundred or so unique sets of site plus username plus password, so they cheat. Either they write all their passwords down in a notebook or they reuse the same password across multiple sites. Even worse, they may do both!

 

The Frequency of Reusing Passwords

 

How widespread is reusing passwords, really? A massive study from researchers at Virginia Tech found that the problem is quite severe. They analyzed 61.5 million passwords spread out over 28.8 million users and found that over half (52%) reused passwords wholesale. That doesn’t even account for people reusing the same basic word or phrase and just switching out a few characters or adding a new one to the end.

 

The Problem with Password Reuse

 

Here’s the problem with password reuse: credentials have a habit of being stolen. Companies frequently experience hacks where customer data is exposed. You may not consider it such a big deal if hackers got ahold of your username and password for Bargains ’R’ Us. You don’t shop there often and you don’t have any credit card info stored on their website. Is it really a big deal?

 

On its own, it’s likely not a very big deal. But if you reused the same username and password for, say, your bank or your credit card, it’s suddenly a very big deal!

 

The same goes for the sticky-note users out there. If you’ve ever written down your “go-to” password on a sticky note or in a notebook, consider who all has had access to that information. Family? Friends? Coworkers? The cleaning crew or service technicians? How easy would it be for someone to snag a quick picture of your password list? If you reuse your passwords, this problem escalates quickly.

 

One more problem worth noting is messaging or emailing passwords. Many of us have had the experience of texting, emailing, or messaging a password to a spouse or significant other. Those communications aren’t always secure, though, and often they stick around for a while. If someone gained access to your email, would they also gain access to sensitive passwords?

 

The Ubiquity of Data Breaches

 

Data breaches are happening all over the place, and some of them are huge. Yahoo had every single one of its 3 billion accounts breached. If you had a Yahoo account at the time of the breach, even an old dead one you never check, hackers may now have your sign-in info. If you used your go-to password on that account, then every other account you’re using that password for is now at risk. This is a big deal.

 

Solutions to the Password Problem

 

Passwords are a mess, and not reusing passwords is difficult. Here are some solutions that can help you clean up the mess and reduce frustration.

 

Enable Two-Factor Authentication Wherever Possible

 

Many websites offer two-factor authentication (2FA), which is much more secure. With 2FA, a one-time code is sent in a text message or email after logging in with username and password. Enable 2FA wherever possible.

 

Use a Password Manager

 

Password managers solve the problem of memorizing hundreds of unique passwords. They store all your passwords in an encrypted vault that you secure with one strong master password. We recommend using a good password manager. Doing so makes strong password security easy.

 

Conclusion

 

Understanding the danger behind reusing passwords is an important first step in securing your digital life. For help securing your workplace against digital threats, enlist the help of professionals like us. Contact us today to learn how we can help keep your systems secure.