Chat with us, powered by LiveChat
678-389-6200

Is your law firm as secure as it could be?

Research shows that most law firms are confident about their cybersecurity — but are they really as safe as they believe?

Cybersecurity and Your Law Firm

The legal sector is facing truly challenging opponents outside of the courtroom – cyber criminals.

The stakes have never been higher.

These rising threats are why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.

“[…] cybersecurity practices at law firms are generally not very strong,” says Eli Wald, author of Legal Ethics’ Next Frontier. “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”

Why Are Law Firms Targets For Cybercriminals?

The short answer is that law firms store lots of private data about their clients. “Law firms present a tempting target for cyber crime,” says Jason Rorie, CEO of MSP Overwatch. “Their servers hold incredibly valuable personal information.”

“Cybercriminals tend to focus on targets that are rich in personal or financial data,” adds Rorie. “They gain access to the data through ransomware or a breach, then sell it on the Dark Web to other criminals who use it in a number of ways.”

Stolen private data is used for everything from voter fraud to opening credit accounts. This activity often happens months after the initial theft of the data.

How Are Legal Firms Addressing Cybersecurity?

Recently, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach. Cybercrime is only expected to grow from here, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023. According to a recent study by the American Bar Association (ABA):

  • 75% of firms are using some anti-virus software.
  • 58% of responding firms are using a firewall or anti-phishing software.
  • 33% of firms are using email encryption software.
  • 25% are using device encryption software.
  • 17% of law firms have some directory security in place.
  • 25% of firms train their staff on cybersecurity best practices.

5 Ways to Improve Your Cybersecurity Posture

1. Two-Factor Authentication

Two-Factor Authentication is the current standard for adding an extra layer of protection to existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards. Complete security usually demands multiple authentication methods: something you know (like a password), something you have (like your phone for 2FA), and something you are (like a fingerprint or other biometric).

2. Data Encryption

Encrypted data is formatted using a key, storing or transmitting it in such a way that it would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only take place with the correct key.

3. Access Monitoring

In addition to encryption, the client data you store should be protected from unauthorized access:

  • A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
  • Intrusion Detection. One of the only surefire ways to protect your network and data is to actively watch over it. A Security Operations Center (SOC) can monitor your network traffic around the clock and respond to any intrusion attempts in real time.

4.Password HYGIENE

  • Length and Complexity. The easier it is for you to remember a password, the easier it’ll be for a hacker to crack.
  • Personal Information. Password recovery systems use personal details to verify a user’s identity – unfortunately, with widespread use of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
  • Numbers, Case, and Symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  • Avoid Patterns and Sequences. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

5. Avoid Dangerous Emails

Always exercise caution when it comes to clicking on a link or downloading an attachment. Be careful even if the email seems to be coming from a known source or even from within your organization as email addresses are often spoofed:

  • Be wary of links and attachments in email messages. They may contain malware that can infect your computer.
  • Confirm the real sender of the message. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors or lookalike domains like “janedoe@microsofthelp.com”.
  • Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, phishing is likely.

Cybersecurity is as complex as it is essential. Most law firms don’t have the resources (or the desire) to handle everything on their own. A knowledgeable IT services company can make all the difference. An IT provider with a proven track record of cybersecurity success can help you develop a cybersecurity plan capable of defending your law firm and your clients against hackers.

For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

Your Own Employees are Your Biggest Threat

Your Own Employees are Your Biggest Threat – and Last Line of Defense Against a Ransomware Attack on Your Business

Major ransomware attacks are on the rise across the country, not just taking down single businesses, but entire infrastructure systems. The cybercriminals are gaining in sophistication, finding more clever ways to hack into your network. They hold your systems and data hostage and demand payment.

What can your business do about it?

Train Your Employees!

In the past, cybercrime was easier to notice and avoid. Today, the criminals are savvy and can fool even those who are watching and aware. Your employees are answering phone calls and emails all day every day, and they need to be well trained and hyper aware of the dangers around them. All it takes is one employee responding to a bogus email, or providing a bit of information on a phone call, to allow a cybercriminal access to your network.

Most employees already know to ignore emails from people they don’t know, and never click a link from an unknown sender. But increasingly bogus emails are looking exactly like real ones. Phone calls can seem to be from legit sources, and the person on the other end knows exactly how to gain trust and extract information.

mPowered IT CEO John Mamon is a huge advocate for training employees to protect the employer’s business. “We have extensive technology to protect businesses from all kinds of security threats, and they work extremely well,” he explained. “But one employee can innocently give a hacker enough info to get into your system and hold your data hostage. The employee won’t even know they did anything wrong.”

Small businesses are ripe for ransomware attacks

Most small business don’t have real security measures in place, or the security they have is outdated and ineffective. Security measures have to keep innovating to stay ahead of cybercriminals, who spend all day every day thinking up more devious ways to get your data, take your money, or both.

To stay ahead of the criminals, you need an MSP who focuses on security, stays ahead of security technology, and can train your employees to be the last line of defense.

For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

How to Choose the Right IT Provider

There is no one-size-fits-all solution in the world of business technology. That said, the best IT providers will approach your situation with fresh eyes and develop a plan tailored to your unique needs.

Your IT provider should start by asking discovery questions that will inform them about your business. Only by understanding what you do and how you do it will the MSP be able to properly serve you.

Do you want to scale production? Improve customer service? Improve fulfilment? On the surface, it might not seem like technology can affect so many aspects of your business. In truth, an IT provider knows that technology can support — or hinder — every part of your business. A technology plan must address this and holistically support your plans for the business.

Your IT provider should be fully versed in business technology. Having skills that go beyond setting up basic hardware is crucial. Maintaining an entire network of computers, servers, peripherals, and devices requires many years of experience and high-level knowledge. MSPs need to have a deep understanding of business processes and industry best practices. This is especially true when cybersecurity and compliance come into play.

When interviewing a potential managed IT service provider, ask about scalability, staff with specific skill sets, proactive versus reactive support methods, and what they hold as general best practices in IT management. These questions tend to be far more important than those regarding the size of their support staff or their software certifications.

Choose a managed service provider that knows how to leverage technology to improve your business and has the expertise to make it happen. Avoid the provider that will only fix issues as they occur rather than helping you maximize your investment.

A good managed service provider should have your back 24/7/365. They should monitor your systems around the clock and resolve any problems regardless of the time or date. IT problems don’t take holidays off.

While remote monitoring and service can handle many problems, there are situations where an IT provider needs to come on-site for a fix or audit. These visits should always be accounted for in your plan, either built into the invoice or defined through blocks of prepaid time. Ensure that you know what you’re paying for and that you won’t be surprised with additional charges down the road.

For an IT company, maintaining consistent results and delivery is critical. Your IT company should be able and willing to share examples of their documented policies and processes, and show how they would be applied to your business. It’s a red flag if they can’t explain what they do, how they do it, and why it is effective. This also applies to current partnerships. Trustworthy MSPs are happy to share details of their value and can demonstrate how they justify their cost.

In addition to the above, make sure your prospective IT provider offers:

  • Proactive monitoring to detect and prevent problems before they cause downtime, data loss, or other catastrophes.
  • Modern detection and alert solutions, good response times, scaling potential, automation, and a comprehensive web-based user portal.
  • Regular audits of your technology, tests of backup and recovery systems, and comprehensive cybersecurity solutions including training.

The IT infrastructure of today has changed considerably since a decade ago. The typical office will have many desktops, laptops, servers, mobile devices, IoT gadgets, and software — and just as many different vendors.

An IT provider should design a support plan that encompasses all of your business’ technology. They must be able to handle all of the different software companies and vendors that make up your tech ecosystem. An MSP who has good relationships with multiple leading vendors is ideal, as is an IT provider who is familiar with your industry’s proprietary software.

On the other hand, you should seek out an IT provider who is vendor neutral. If they are contracted or partial to using only certain vendors’ products, you could end up with solutions that aren’t exactly right for your needs. A good MSP should always focus on selecting the technology that provides the best results for you.

HAVE QUESTIONS? The team at mPowered IT will be glad to answer any questions you may have about how managed IT services can transform your business. Call us at 678-389-6200 or contact us here.

USB Flash Drive and Their Cybersecurity Dangers

As cloud storage has grown in popularity, the use of USB flash drives has declined in many settings. The decline in popularity of USB flash drives, however, hasn’t necessarily diminished their threat. USB flash drives still enjoy a following in many environments. Data stored on USB flash drives is viewed as more secure because there is no network connectivity involved. While USB flash drives can be handy, they are only as secure as the people who handle them. One particular report from 2021 suggests that 37 percent of threats were specifically designed to utilize removable media, which almost doubled from the 2020 report (19 percent). 

What can you do?

  • Limit the use of USB flash drives. Where necessary, be sure to lock or otherwise secure areas (like the server room) so un-approved USB flash drives cannot be used.
  • Use encrypted USB flash drives with Windows Bitlocker or Mac Native Encryption. This provides a layer of protection should a USB flash drive with sensitive data fall into the wrong hands. Some models have fingerprint authentication.
  • Educate employees never to plug in unknown USB flash drives.

The bottom line: With so many vectors for cyber criminals to take advantage of, it would be easy to ignore USB flash drives. Doing so could cripple your business.

HAVE QUESTIONS? We would be glad to answer any questions you may have about how managed IT services can transform your business. Call us at 678-389-6200 or contact us here.

7 Reasons Why You Should Use Managed IT

  1. Increased efficiency and productivity. Many companies want to track and respond to issues as they happen. After switching, most businesses are shocked to learn the inefficiency of prior issue management systems.
  2. A true partner sharing risks and responsibilities. The purpose of an MSP is to deliver on contracted services; measure, report, analyze, and optimize IT operations. On a broader level, IT providers help drive the growth of the business. In truth, managed service providers assume leadership roles within their clients’ organizations, enabling risk reduction, improving efficiency, and changing the technology culture. For companies with internal technicians, they can introduce new technologies and processes or help redistribute workload for more efficiency.
  3. Better understanding of infrastructure and needs. It takes time to plan and maintain an efficient IT infrastructure. With owners’ busy schedules, IT management can go unattended for too long. MSPs are always looking out for updates, patches, and upgrades. By handling the day-to-day critical tasks, a stable and secure IT environment is maintained without burdening the company’s internal staff.
  4. A complete IT department without the expense. Most small business owners are proactive with their management of time and resources — or at least they would like to be. A managed service provider gives business owners and overwhelmed internal IT staff affordable support, monitoring, data backup and disaster recovery, network security, business continuity, and strategic technology planning without the costs of a full-time internal IT staff.
  5. Access to logs and metrics. Managed IT providers use tools that constantly track the performance and capacity of your network, databases, devices, and more. That information gets stored as logs which can be analyzed to find trends in performance associated with a specific device or database. Thus, an MSP is crucial when it comes time to make informed decisions about future IT needs.
  6. A renewed focus on your core business. Both your leadership team and your internal IT staff would much rather focus on growing your business rather than just keeping it running. Unfortunately, there is only so much time in a day. This is why routine IT tasks are often neglected, long enough to become problems down the road. MSPs are very rarely called in to replace internal IT staff, but instead are used to relieve the IT team of routine maintenance, mundane management, and day-to-day operational tasks.
  7. Timely patch and update management. When your IT staff is too busy chasing down bugs, patch management is one thing that tends to fall by the wayside. Missed patches can leave an organization at risk for downtime as security vulnerabilities open upt when patches are out of date. MSPs take these issues off your plate by managing patches and software updates.
  8. Reduced downtime and cyber risk. Because of the MSP’s ability to track down potential problems before they cause downtime, IT issues become almost non-existent. A proper security strategy will minimize your exposure to cyber threats. In turn, your “always-on” business will be seen as reliable and organized.

HAVE QUESTIONS? The team at mPowered IT will be glad to answer any questions you may have about how managed IT services can transform your business. Call us at 678-389-6200 or contact us here.

Web Analytics