10 top tips on desktop security for law firms
26/04/17
Cyber security has been the subject of repeated headline news over the past few years. It’s a stark warning about the enhanced threats to our IT infrastructures and the need for constant vigilance of IT usage in the workplace.
Worryingly, despite its high-risk status, cyber crime remains fairly low down law firms’ agendas. Let’s give cyber crime the attention it deserves. After all, it really is better to be safe than sorry. To help you out, here are 10 top tips on desktop security to create a robust, reliable and secure cyber environment…
1. Update to the latest operating systems.
It’s all about Windows 10. If you’re using an older platform, it’s time to consider migrating. Definitely so if you’re still running an unsupported operating system such as Windows XP and Vista. That’s because patches and system upgrades will become infrequent or will have already stopped altogether, making you easy prey for hackers and hijackers.
Once you’ve moved to a supported and better-performing operating system, keep it current by regularly checking for, and applying, updates. This could be as simple as ensuring that automatic updates are switched on.
2. Install anti-virus and anti-spyware software.
You wouldn’t go rock climbing without a safety harness, so don’t operate your PC or laptop without virus and spyware protection. There’s no point thinking “it won’t happen to me”. Hackers are always searching for their next victim. In addition to paid-for products, there are some good free alternatives, so there’s no excuse. However, do thoroughly evaluate open source software beforehand. Due diligence at all times, remember. With your software selected, install it and keep it up to date.
3. Never open email attachments or click on links sent to you from unknown sources.
If you receive unsolicited emails, the best course of action is to delete them unread. Don’t, under any circumstances, open any attachments contained therein as these are the primary channel through which viruses are spread. The same applies to links. Only click on links if you’re confident they’re virus free.
Phishing scams are a well-publicised modern phenomenon. They’re attempts by perpetrators, via email, to get you to view malicious attachments or click through on web links so they can infect your device. Similarly, they often try to trick you into giving out personal information such as your bank account details, passwords and credit card numbers. This valuable data has a monetary value to cyber criminals. Don’t let them get their hands on it.
4. When uploading and downloading files (particularly sensitive documents) for transfer purposes, only use trusted sites.
E-working demands the electronic transfer of Word, PDF, Excel and other file types. Following on nicely from tip #3, if you receive email attachments from an unknown sender, be wary, and run downloaded files through your anti-virus software before saving them to your network. Similarly, when emailing sensitive documents, encrypt them before attaching them and sending your message.
5. Set strong passwords, change routinely, never share with anyone and don’t write them down.
The biggest IT security problem is poor selection and protection of user passwords. Password cracking is a favoured activity of people trying to break into computer systems, often just for the fun of it. A strong password should be at least 8 characters long, containing a mix of upper and lower case letters, numbers and special characters. It’s good practice to regularly change your passwords. Don’t store the details in a computer file titled “passwords” or write them down on a post-it note stuck onto your screen! The only truly secure place for your passwords is in your own head. Don’t tell others either because no genuine company would request your passwords (again, see #3 above).
6. Make periodic back-ups of documents and data stored in your hard drive, keep back-up devices safe and, ideally, encrypted.
Much of the content on our hard drives is essential to business functions and often irreplaceable. Back it up regularly; daily if possible; weekly at least. Better still if you can encrypt everything during the procedure. That way, in the event of an unexpected technical hitch or, in this case, cyber attack, you’ve got a spare set of business-critical information and files, even if a little old.
Recovering a day or so’s work is far preferable to recovering a week, month or longer. By wasting time tidying up the mess, you could delay your live matters with potentially disastrous consequences.
7. Always lock the screen or log out of your computer when you leave your work area, even if it’s “just for a minute”.
“Just for a minute” can easily turn into an hour (or more) if you get side-tracked on your way to make a quick cuppa. Few of us work in isolation, so stop others gaining unauthorised access to your computer by getting into the habit of locking your screen. Locking your Windows PC takes two simple keystrokes: the Windows key and L. At most it takes four: Ctrl, Alt and Delete, then the ‘Lock’ option. If you know you’re going to be away from your desk for a prolonged period, such as a meeting or training course, log off completely.
8. Limit web browsing to work-specific sites if practicably possible.
While many business managers don’t like being too prescriptive with employees’ surfing activities, during working hours there shouldn’t be a need to visit anything other than work-related websites. Lunch hours are different, of course, but it’s easy to restrict web access to reputable, trusted shopping and social media sites with web filtering software.
9. Be careful when logging into public WiFi connections as fake hotspots can be created by cunning cyber criminals.
In today’s modern work environment, mobile working is increasingly common. This could be your lawyers logging fee-earning activity into your time recording system in court, or your managers having a coffee break in Starbucks between off-site business development meetings. Take care when logging into WiFi hotspots, making doubly sure you’re not connecting to a fake network run by a would-be identity thief. Even when you’re certain that you’re on a legitimate public WiFi network, it’s best to avoid performing banking or online shopping transactions.
10. Data on paper is the same as data on the screen. Your identity’s at stake so protect it or shred it.
Even the most technically savvy amongst us still need to print off important or sensitive documents every once in a while. Don’t leave them lying around for prying eyes. Store print-outs securely and use a personal shredder for safe disposal.