Whether it’s generating 15-digit passwords, encrypting your computer devices, or setting up mobile office cameras, we compiled a comprehensive law firm cybersecurity checklist to make sure you firm covers all its bases when protecting sensitive information.
1. Protect your passwords using LastPass
Every lawyer and law firm needs to keep track of numerous amounts of passwords, which becomes increasingly overwhelming. What tends to happen is they just use the same 3 variations of passwords for each site – NOT the best way to be doing things! If someone gets hold of only 1 password, you can imagine the destruction they could potentially do.
That’s where LastPass comes into play. By using their cloud-based plugin, they can generate extremely secure passwords for each site and remember them for you automatically using your Master Password (make sure this one is very secure). An example of an auto-generated password is “d2erq!2321e$#AdfKs0!”. You get the idea.
If you have a firm, you can even choose to share certain passwords with other partners or paralegals. The best part is – they will be able to log in to those sites, BUT they will not be able to see what the actual password is.
More info: LastPass.com
2. Enable two-step authentication for Gmail.
To ensure your email account is protected, you should consider enabling two-step authentication to add an extra layer of security to your account. The way this works is that when you sign in with your normal email address and password, a verification code is sent to your phone to ensure that you are the correct owner of the account.
More info: Two Step Authentication for Gmail , Two-Step authentication for Outlook
3. Use Box as its HIPAA compliant.
Box.com offers a secure way to keep all of your files in one place so that you can access them anywhere from any device. With enterprise-level security and HIPAA compliance, Box.com allows you to protect your confidential documents online at the highest security standards.
More info: Box.com Security Features
4. Use a secure payment processor
PracticePanther’s all-in-one legal case management software comes with a native payment processor, PantherPayments. The built-in payment processor is 100% compliant with regulations surrounding online payments from the ABA and IOLTA. This ensures that law firms can provide an easy, secure method to accept and process online payments.
5. Enable 6-digit passcodes even the FBI can’t crack.
Using a 4-digit passcode to secure your smartphone is standard practice. However, if you want to take extra precautions and ensure that the information on your phone has an extra layer of protection, you should think about enabling a 6-digit passcode on your phone. If you have an iPhone running iOS 9 or later, you can enable 6-digit passcodes that make it nearly impossible to crack.
More info: How to set up a 6-digit passcode on iPhone iOS 9
6. Enable BitLocker encryption
According to the official Microsoft site, Windows BitLocker Drive Encryption is a new security feature that provides better data protection for your computer by encrypting all data stored on the Windows operating system. So if anyone steals your laptop or takes the hard drive out, they can’t access the drive.
More info: Windows BitLocker Drive Encryption Step-by-Step Guide
7. Make your website domain private, unless you want anyone to find your home address, personal email, and cell phone.
According to NetworkSolutions, when you buy a domain name, your registrar is required by ICANN to enter your contact information – including your name, physical address, email address, and phone number – in its WHOIS database, a searchable directory that holds contact information on all of its domain name registrants. This personal information is available, free of charge, to any member of the public who decides to check domain names in the registrar’s online WHOIS database. To protect yourself, consider contacting your domain registrar and ask about making your domain private. They will typically offer this service to you for about $10/year and is a must if you consider online security a priority.
8. Lock your WordPress down with WordFence plugin.
Block hackers from taking over your website and potentially sending themselves everyone who tries to contact you. Click here to download the free Wordfence plugin, or go crazy with the premium version.
More info: Wordfence.com
9. Get a secure case management software.
It’s important to find reliable case management software that can securely store confidential documents and client info, manage your trust account correctly, and stay HIPAA compliant. It’s important as well to have backups of your calendar and deadlines so you’ll never lose important information.
More info: Learn how PracticePanther helps attorneys secure their client information.
10. Nest Dropcam – Mobile Security camera in your home or office.
The Nest Dropcam is a very useful tool to look after your office and sensitive files even when you’re away. Nest Cam can use your phone’s location to know when you’re away so when your employees leave the office, Nest Cam will know to turn on automatically. And with 24/7 live streaming, advanced Night Vision, and motion and sound alerts, Nest Cam helps you look after your office from anywhere.
More info: Learn more about Nest Cam
11. Privacy screen on your laptop when traveling.
Every so often, when you travel in public areas like airports and train stations, you wouldn’t want strangers peeking over at your sensitive information. To help prevent that, you will want to consider buying privacy screens to protect sensitive data and increase text and image clarity. Privacy filters can easily be placed on laptop screens and enable only the person looking directly at the screen to see what’s there.
More info: Buy a Privacy Screen on Amazon
12. Check for https or the secure icon on the top left when entering credit cards on websites.
Whenever you are using a website or app when entering your credit card information, make sure you see the “secure” icon badge on the top left. Some of the most popular companies that offer online security badges are Norton, McAfee, Truste, and the Better Business Bureau. Keep in mind that if the website you are on is missing a security badge, that site might not be protected.
13. Encrypt client communications with a client portal.
Do NOT send confidential emails and messages to your clients. Use secure encrypted messaging with client portals. Your client will login with a secure password so no one sees your communication. PracticePanther offers a client portal among its suite of tools for law firms.
More info: PracticePanther.com/client-portal
14. Use SnapMail to send self-destructing emails
If you choose not to use a client portal for secure messaging, you can use an app called Snapmail. With Snapmail, you can write a message within Gmail and that message will self-destruct 60 seconds after the recipient opens the link. This ensures that sensitive information never remains unprotected.
More info: SnapMail.com
15. Screen your calls with Google Voice
Google offers a free phone number called Google Voice that automatically forwards calls to your cell phone, office, or home. You can enable call screening which asks each caller to state their name before you answer the call.
More info: Google Voice
PracticePanther is a secure law practice management software that helps you manage your law firm with ease. Schedule meetings, bill your clients, manage your documents and files, create time entries, manage your clients and matters, and so much more.
Meet Ori Tamuz, the CTO of PracticePanther.com. As Ori spent 3 years in the elite cyber intelligence unit in the army, law firm security is his highest priority. Now, enjoy the freedom and peace of mind knowing that you can securely run your firm from anywhere in the world. Schedule a demo today and get 50% off your first 2 months.
Download as PDF
Want a copy of this article? Download it for free!Download This Post