Cybercrime dangers are many, complex and ever-changing. Hardly a day goes by without another news report of a data breach or other cyber-related scam or theft. Cyber criminals have considerable resources and expertise, and can cause significant damage to their targets. They specifically target law firms because law firms regularly hold funds in their trust accounts and client data that is often very valuable. This article, from the December 2013 issue of LAWPRO Magazine, reviews the specific cybercrime dangers law firms need to be concerned about, and how they can mitigate their risks.
People inside your office have the greatest knowledge of your systems and where the important data is located. Many of the largest and most damaging cyber breaches have been caused by rogue or soon-to-be-departing employees. You should take steps to reduce the likelihood that a cyber breach will be caused by someone inside your office.
When hiring a new employee, make sure you are diligent. Carefully check their background and speak to references. Look for any red flags on an application letter or résumé, and watch for issues during the interview process. Watch for someone who is withholding relevant information, or who has falsified information on the application.
Assess the overall integrity and trustworthiness of the candidate. Consider doing police and credit checks (after obtaining consent) as persons in financial difficulty may be under pressure and become tempted to steal your firm’s financial or information resources. Doing all these things can help you avoid hiring an employee who could be a problem.
When any employee leaves your firm, regardless of whether they are leaving of their own accord or are being terminated, ensure that your systems are protected. Keep a log of any mobile devices held by your staff (e.g., laptops, smartphones, USB drives) and ensure that they are recovered immediately upon termination. Immediately close all points of access to your office and computer systems, including keys and access cards, login accounts and passwords, email accounts, and, in particular, remote access facilities. If you discharge an employee who has access to critical company data, let them go without warning (you may have to give them a payment in lieu of notice), and don’t allow them any access to a computer after termination.
There are literally dozens of steps you should complete systematically to make sure all points of access for departed employees are closed down. See the practicePRO website for a detailed “Employee departure checklist”.