Cyber Security: Good cyber hygiene habits can help a firm maintain a clean bill of digital health

By Carl Mazzanti

The World Health Organization defines hygiene as using practices that help humans stay healthy and prevent the spread of diseases. Maintaining good personal health requires work: exercising, meditating, eating a nutritious diet, and having regular medical checkups. Similarly, law firms can protect sensitive client data from digital threats by practicing good “cyber hygiene.” This means following a regimen of best practices for online safety.

Given the multitude of illnesses that can affect humans, it is not surprising that there is no single vaccine or cure to ensure human health. And since cybercriminals are constantly creating new types of digital infection and dysfunction, firms need a strong cyber hygiene program to stay safe. This includes working with an experienced managed services provider (MSP) to take measures to protect your data networks and information.

In both instances, the reward is a longer, safer existence.

The federal Cybersecurity and Infrastructure Security Agency (CISA) says that to stay safe online, follow these basic tips:

  • Use strong and unique passwords
  • Change your passwords regularly
  • Update software often
  • Think before you click on suspicious links

Adopting a multi-factor authentication (MFA) system will also improve online safety.

A multi-tiered defense

With the rise of cyber threats from hostile nations and other groups, it is crucial to adopt multilevel, robust cyber hygiene practices. Cybersecurity mainly focuses on protecting against threats. Cyber resilience is about how well an organization can bounce back after a security breach, focusing on recovery and returning to normal operations.

Automated patch management is a basic cybersecurity practice. Install software updates and security patches as soon as you can on:

  • Company-owned devices
  • Personal devices used for work
  • Any systems that connect to the same networks as company devices

All of the above steps apply to devices regardless of their location.

Multi-factor authentication and encryption

A big challenge for law firms involves controlling access to sensitive information. Using controls like multi-factor authentication can greatly lower the risk of unauthorized access.

MFA acts in cybersecurity the way white blood cells protect humans against infection: it requires users to confirm their identities in different ways. This can include a password and a one-time code sent to their phone.

Another key cybersecurity solution is encryption. This means protecting information by using math to scramble it. Only those with the key can unscramble and access the data.

When remote workers send data to the company’s network, it is encrypted. This means that bad actors cannot access sensitive information like credit card details, personal and financial data, and trade secrets. This protects firms by helping to stop data breaches, while 24/7 SIEM/SOC (security information and event management/security operations center) tools will alert you to ongoing cyber events. These automated tools, with human oversight, will hunt for threats and report any issues threatening your digital environment.

Other recommendations

Good cyber hygiene, however, is not only about technology. There is a human factor, too. Law firms should also hold training sessions regularly. This will help employees understand risks such as “phishing” and “social engineering” plus the dangers of clicking on harmful links, downloading unverified attachments, and responding to unwanted requests for information.

The training should also cover other important areas, like assessing your current cyber risk level, and conducting vulnerability assessments, penetration testing, and security audits. Issues like assessing third-party risks and ensuring regulatory compliance should be addressed as well.

To improve cyber resiliency, you should regularly back up important files to a secure cloud or another safe location. This way, files will stay safe even if your main network is attacked. Here, too, however, best practices are not limited to technology.

A proactive, cyber-resilient firm will take certain steps before its system is compromised. It will identify and document assets. It will also develop and test notification and incident response plans.

The takeaway

Maintaining cyber hygiene is crucial for law firms to protect the sensitive data they maintain and to preserve client trust. Firms that work with a trusted managed service provider can improve their cybersecurity and cyber resiliency, helping to keep their information safe, secure, and available while enhancing their own reputations.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken, N.J., providing IT consulting services for businesses ranging from home offices to multinational corporations. The company can be contacted at: 866-362-9926.
