Data Security: Defense and Offense

The information gathered by attorneys is clearly confidential, regardless of how it is received. With more and more of the world moving online, either through necessity or desire, it's more important than ever to ensure data is secure. We have some helpful tips in terms of what to look for from your software provider. But the number one threat to your data? Well, it's you.

The Best Offense Is A Good Defense

Let's start with making sure the tools to help defend your data are in action and up to snuff.

• Spam Filters: Gmail and Outlook have built-in spam filters. So you don't need to do anything with those options. Likewise, most platforms where you communicate have some protection. The trick here is to ensure you update your browser and app settings as soon as updates are available. Many updates address newly found security issues, so staying on top of this is key.
• Anti-Virus: In case somehow one of the data security issues got through to your device before it was caught by your browser company, anti-virus software detects and cleans it up. Now, of course, that's only for the known issue or viruses that are found on your device.  There are a lot of options out there. I really like Malwarebytes. They offer a free version that does a good job. 
• Firewall Software: Firewall software monitors data packets coming to or from your computer and blocks outsiders from accessing your private data. Think of this as a monitor for your data transmission. If the data doesn't look safe, it's stopped in its tracks. If it looks safe, it continues on its route. Norton offers a nice firewall option. 
• Pop-up blocker: Now, not all pop-ups are bad. But it is important to block the ones that are. Browsers, including Chrome, Firefox, and Safari, all offer custom pop-up settings so you can decide which sites are allowed to show pop-ups and which aren't. Which blocker is best for you depends on your preferred browser. Check out this NY Times article to find out more.
• File encryption: This is a favorite of mine. Encryption basically takes the information that travels over your WiFi system and encrypts it with a secret code. It's important that data traveling from or to your computer are encrypted during transit and at rest. This is pretty techy stuff. Suffice it to say, file encryption is key. Encryption for email is set by your provider, so just search on your email provider and encryption. If you want to download a tool, CNET provides a safe and reliable listing.

So, presuming you have some level of use of each of these defense tools, it's time to move to the offense strategy.

For The Offense

Sad but true, we are our own worst enemies when it comes to data security. More often than not, data issues happen because we follow some clickbait, don't consider the sender information carefully, or make another kind of honest mistake. Below are the most common causes of data issues and how to proactively address them.

• Hacking: Most of the time, hackers affect your data without any human interaction. They can be executed through an online ad that just appears on your screen, like so many do, and deposit some malware. There are lots of types of hacking, though. Some hackers do it for financial gain - stealing a credit card number, etc. Some do it for street credentials - pumping up their image in the hacker subcommunity. Others so it as a form of espionage, corporate or government.
  • The best way to deal with this? Make sure your browsers are up-to-date. As browser providers find the code, they quickly write and implement an update to block that same issue from happening again. Make sure you regularly update your passwords. And while your cat's name is lovely, no doubt, look to create something more unique. Change your passwords periodically, too. Consider using a password safe, like LastPass or the like.
  • As a side note, you may be aware of the different hat colors of hackers. A black hat hacker is generally malicious in intent, focused on financial gain or espionage. A white-hat hacker is a technology professional who searches for openings for potential hackers before they are able to exploit it, and then provides the fix before any issue is caused. Then you have the middle ground - the grey-hat hackers. These are individuals who look for 'holes' in the technology and rather than releasing malware, they contact the company and look for payment in order to close the vulnerability.
• Phishing: Generally through email, someone sends a message that the user opens, thinking it's a trusted entity. We are all busy, no doubt. So when you glance at the sender name, you may recognize the name and then open the email. It's important to check the whole address of the individual. Oftentimes, our brains kind of 'fill in the blanks'. So perhaps it's a message from Joe Smith, a known individual, with CharlieBrown.com, another known entity. However, a minor typo could be present that you simply miss. So it could be Joe Snith with CharleyBrown.com. You get the idea. So you open the email, read it, and proceed to click on a link or open an attachment. That's a prime example of phishing.
  • The best way to combat phishing is to make sure you are reading the 'from' email address thoroughly. If you open the email and see several misspelled words or very poor grammar, it's best to immediately delete the email and contact the supposed company that is sending the message. Go to their website and look for an email address or even a chat feature and see if they sent that message. Better yet, if you know Joe Smith, pick up the phone and let them know.
  • There are several forms of phishing, including angler phishing (executed on social media), smishing (executed through texts), vishing (executed through a phone call), whaling (impersonating a C-level executive from your company or client company), and on and on. Suffice it to say, if you don't know them, or receiving the message is out of the ordinary, do not click on anything. Report it to the supposed entity sending it, if appropriate. 
• Ransomware: This is a specific type of malware where files are encrypted by the ransomware, making them impossible to open by the owner without the 'key'. Individuals who have been affected by ransomware are required to pay a fee for the key. As such, their information is ransomed. 
  • The best way to protect against ransomware is the same as for malware. Make sure browsers are updated. Change passwords regularly, and make sure they are a bit more complex. If you receive a notice, from a trust and verifiable source, that your information has been found in a data breach, immediately take steps to correct that situation.
• Physical Breach: Unfortunately, hardware can get lost. Whether it's a laptop, a phone, or even a thumb drive, a physical breach can result in a data breach. Obviously, the best thing to do is to make sure you keep an eye on your devices, but even the most conscientious person can have a lapse. 
  • The best protection is to ensure all devices are password protected. Whether it's a numeric, text, a combination, or even a visual, like Face ID. That's the first step. From there, make sure your devices are 'findable'. The benefit of using an online option is the device can be erased remotely. Sure, you are still out of the device itself, but the data is secure. Other options are available, like a Tile or the AirTag from Apple. The downfall here is that the data can't be erased, but the device can be 'tracked', as long as the tracker remains connected to the hardware. 

Taking a defensive as well as offensive approach helps keep your data safe. By simply carefully monitoring emails, keeping your software updated, including browsers and computer hardware, and proactively managing passwords, law firms build on data security already provided by their software providers.