Cybercrime dangers are many, complex and ever-changing. Hardly a day goes by without another news report of a data breach or other cyber-related scam or theft. Cyber criminals have considerable resources and expertise, and can cause significant damage to their targets. Cyber criminals specifically target law firms as law firms regularly have funds in their trust accounts and client data that is often very valuable. This article, from the December 2013 issue of LAWPRO Magazine, reviews the specific cybercrime dangers law firms need to be concerned about, and how they can mitigate their risks.
In many firms, it is common for lawyers to use personal smartphones or tablets for work purposes. This is often referred to as “Bring Your Own Device” or “BYOD.” Lawyers or staff may also work at home and even access the office network from a personal home computer. Both of these practices raise significant cyber risks.
Permitting staff to use their own smartphones or tablets makes great practical sense. They already own and are comfortable with the devices so the firm does not have to incur the cost of buying them or paying for wireless plans. However, if these devices connect to the office Wi-Fi or network, or if they are used to create documents that will be sent to the office, they can potentially deliver a malware infection to the office network.
Young people have a very high exposure to malware as they are more likely to engage in many of the most dangerous online activities, including using social media, downloading programs, and file sharing. As a result, it is far more likely that any device children or teenagers are using is infected with malware. This is a concern because using a compromised computer for remote access to your office can bypass the firewall and other security mechanisms, potentially delivering a malware infection to the heart of your network.
To be absolutely safe, avoid using a home computer or other device for work purposes if it is used by others. Where a home computer is being used for work purposes, the steps outlined in this article must be followed to protect the office network and systems from cyber risks. Creating separate user accounts will make things more secure, but a better alternative is to have two partitions on your home computer. This essentially means there are two complete sets of software on the computer: one that only you would use, and one that others in the house would use.
Where a home computer or other BYOD device is being used for work purposes, the steps outlined in this article must be followed to protect the office network and systems from cyber risks. Staff education is key for reducing the risks associated with the use of personal equipment. Technology use policies should be in place to ensure all necessary steps are taken to address relevant cyber risks.
See the practicePRO Technology Use Policies Resources for sample BYOD and remote access policies.