Posted by Julian Bryan, managing director of Legal Futures Associate Quill Pinpoint
Cyber-security has been the subject of repeated headline news over the past few years. It’s a stark warning about the enhanced threats to our IT infrastructures and the need for constant vigilance of IT usage in the workplace.
Worryingly, despite its high-risk status, cyber-crime remains fairly low down law firms’ agendas. Let’s give cyber-crime the attention it deserves. After all, it really is better to be safe than sorry. To help you out, here are 10 top tips on desktop security to create a robust, reliable and secure cyber environment.
- Update to the latest operating systems.
It’s all about Windows 10. If you’re using an older platform, it’s time to consider migrating. Definitely so if you’re still running an unsupported operating system such as Windows XP or Vista. That’s because patches and system upgrades will become infrequent or will have already stopped altogether, making you easy prey for hackers and hijackers.
Once you’ve moved to a supported and better-performing operating system, keep it current by regularly checking for, and applying, updates. This could be as simple as making sure your automatic updates setting is switched on.
- Install anti-virus and anti-spyware software.
You wouldn’t go rock climbing without a safety harness, so don’t operate your PC or laptop without virus and spyware protection. There’s no point thinking ‘it won’t happen to me’. Hackers are always searching for their next victim.
In addition to paid-for products, there are some good free alternatives, so there’s no excuse. However, do thoroughly evaluate open source software beforehand. Due diligence at all times, remember. With your software selected, install it and keep it up to date.
- Never open e-mail attachments or click on links sent to you from unknown sources.
If you receive unsolicited e-mails, the best course of action is to delete them unread. Don’t, under any circumstances, open any attachments contained therein as these are the primary channel through which viruses are spread. The same applies to links. Only click on links if you’re confident they’re virus free.
Phishing scams are a well-publicised modern phenomenon. They’re attempts by perpetrators, via e-mail, to get you to view malicious attachments or click through on web links so they can infect your device. Similarly, they often try to trick you into giving out personal information such as your bank account details, passwords and credit card numbers. This data has a monetary value to cyber-criminals. Don’t let them get their hands on it.
- When uploading and downloading files (particularly sensitive documents) for transfer purposes, only use trusted sites.
E-working demands the electronic transfer of Word, PDF, Excel and other file types. Following on nicely from tip 3, if you receive e-mail attachments from an unknown sender, be wary and run downloaded files through your anti-virus software before saving to your network. Similarly, when e-mailing sensitive documents, encrypt them before attaching them and sending your message.
- Set strong passwords, change them routinely, never share them with anyone and don’t write them down.
The biggest IT security problem is poor selection and protection of user passwords. Password cracking is a favoured activity of people trying to break into computer systems, often just for the fun of it. A strong password should be at least eight characters long, containing a mix of upper and lower case letters, numbers and special characters.
It’s good practice to regularly change your passwords. Don’t store the details in a computer file titled ‘passwords’ or write them down on a post-it note stuck onto your screen! The only truly secure place for your passwords is in your own head. Don’t tell others either because no genuine company would request your passwords (again, see 3 above).
- Make periodic back-ups of documents and data stored on your hard drive, keep back-up devices safe and, ideally, encrypted.
Much of the content on our hard drives is essential to business functions and often irreplaceable. Back it up regularly; daily if possible; weekly at least. Better still if you can encrypt everything during the procedure. That way, in the event of an unexpected technical hitch or, in this case, cyber-attack, you’ve got a spare set of business-critical information and files, even if a little old.
Recovering a day or so’s work is far preferable to recovering a week, month or longer. By wasting time tidying up the mess, you could delay your live matters with potentially disastrous consequences.
- Always lock the screen or log out of your computer when you leave your work area, even if it’s ‘just for a minute’.
‘Just for a minute’ can easily turn into an hour (or more) if you get side-tracked on your way to make a quick cuppa. Few of us work in isolation, so stop others gaining unauthorised access to your computer by getting into the habit of auto-locking your screen.
Locking your Windows PC takes two simple key strokes: Windows and L. At most it takes four: Ctrl, Alt, Delete and then ‘Lock’. If you know you’re going to be away from your desk for a prolonged period, such as a meeting or training course, log off completely.
- Limit web browsing to work-specific sites if practicably possible.
While many business managers don’t like being too prescriptive with employees’ surfing activities, during working hours there shouldn’t be a need to visit anything other than work-related websites. Lunch hours are different, of course, but it’s easy to restrict web access to reputable, trusted shopping and social media sites with web-filtering software.
- Be careful when logging into public WiFi connections as fake hotspots can be created by cunning cyber-criminals.
In today’s modern work environment, mobile working is increasingly common. This could be your lawyers logging fee-earning activity into your time recording system in court, or your managers having a coffee break in Starbucks between off-site business development meetings.
Take care when logging into WiFi hotspots, making doubly sure you’re not connecting to a fake network run by a would-be identity thief. Even when you’re certain that you’re on a legitimate public WiFi network, it’s best to avoid performing banking or online shopping transactions.
- Data on paper is the same as data on the screen. Your identity’s at stake so protect it or shred it.
Even the most technically savvy amongst us still need to print off important or sensitive documents every once in a while. Don’t leave them lying around for prying eyes. Store print-outs securely and use a personal shredder for safe disposal.
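For whoever looks after your PCs, the script below is an added example, not part of the original post: a read-only PowerShell audit of the settings behind the tips on automatic updates, anti-virus software and screen locking. It assumes a Windows 10 desktop whose settings are delivered through the standard policy registry values; a value that is absent is treated as not configured.

```powershell
# Added example: read-only audit of three desktop settings discussed above.
# Run in Windows PowerShell 5.1 or later on a Windows client; nothing is changed.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Updates tip: NoAutoUpdate = 1 is the policy value that turns automatic updates off.
# The Windows Update service (wuauserv) must also not be disabled.
$noAuto = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate'
$wuSvc  = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$updatesOk = ($noAuto -ne 1) -and ($null -ne $wuSvc) -and ($wuSvc.StartType -ne 'Disabled')

# Anti-virus tip: products registered with Windows Security Center.
# This namespace exists on desktop editions of Windows, not on Windows Server.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue)

# Screen-lock tip: automatic lock after inactivity, enforced by either of two policies.
# Only policy-enforced settings are checked, not a screensaver the user set personally.
$machineLimit = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'
$ssKey     = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ssTimeout = Get-RegValue $ssKey 'ScreenSaveTimeOut'
$ssSecure  = Get-RegValue $ssKey 'ScreenSaverIsSecure'
$lockOk = ([int]$machineLimit -gt 0) -or (([int]$ssTimeout -gt 0) -and ($ssSecure -eq '1'))

# One summary object per machine, easy to collect across an office.
[pscustomobject]@{
    OperatingSystem   = "$($os.Caption) ($($os.Version))"
    AutoUpdatesActive = $updatesOk
    AntiVirusProducts = if ($av.Count) { $av.displayName -join ', ' } else { 'none registered' }
    AutoLockEnforced  = $lockOk
} | Format-List
```

A `False` or ‘none registered’ in the output points to the tip that still needs attention on that machine.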
So, that’s your starter for 10. We’ll delve further into cyber-crime and cyber-security in our next blog on combatting fraud, where we’ll more directly address the all-important subject of client monies. Watch this space!
Julian Bryan is also chair of the Legal Software Suppliers Association
Thank you for writing this article. I’ll be sharing it with our IT team.
In our company, we always tell our employees to never log into a public wifi network – this is a potential backdoor for malicious software.
We install Kaspersky AV on all of our companies.
We install CurrentWare web filter to block Internet access and monitor Internet activities.