Two-Factor Authentication Alone Isn’t Enough Protection
Two-factor authentication is required for online security, but it’s not enough. You will need multi-layer security to keep your law firm’s valuables safe from cyber-bandits.
Do you use two-factor authentication to safeguard the confidential client information and work product stored on the computers in your law office?
Is two-factor authentication the only safeguard you are using to protect sensitive data from cyber threats?
If you’ve taken no security precautions beyond adding two-factor authentication, you’re going in the right direction but you may need to take a few more precautions to keep your information safe.
What Is Two-Factor Authentication?
In case you aren’t familiar with two-factor authentication, it’s a way to prove that the person who has entered the correct password to access your computer or account is, in fact, you (as opposed to a cyber thief who managed to get hold of your password through illicit means, such as a phishing scam).
To confirm it was you who entered the password, your two-factor authentication service will provide a one-time verification code through various methods: an app, text message or call. You type in that code and — presto! — your account is unlocked.
Cybercriminals Keep Upping Their Game
Of course, if the cyber thieves happened to steal your phone, then they’d be the ones receiving the verification code, not you. If your phone is locked but text messages show the contents, they’d see the code. And if they have access to your email account, they may be able to initiate a password reset. You could reduce the risk of such catastrophe by using a two-factor authentication service that sends you the verification code only after you’ve successfully answered a challenge question.
Technically, that’s three-factor authentication (password, challenge, code), but that gets to our larger point:
Two-factor authentication is inadequate given the threats you’re up against.
Now I want to be clear – we believe it is absolutely crucial to enable 2FA on all your crucial accounts, at a minimum. It is by far one of the most important steps toward protecting your data.
Granted, you’re a smart, well-informed lawyer, trained to avoid looking at the world through rose-colored glasses. So it’s unlikely you’ll fall prey to a phishing scheme — provided you’re not operating on autopilot when an email arrives from someone convincingly purporting to be a client, colleague, vendor or creditor.
However, I’ve heard many personal accounts of tech-savvy lawyers falling prey to a phishing scheme.
Cybercriminals are constantly honing their heinous skill set. As a result, they fool a lot of people. And, unless you’re ever vigilant, they can fool you too. This is why you cannot rely solely on two-factor authentication.
What Can You Do to Add Multiple Security Layers to Your Computer?
For starters, get an integrated anti-phishing platform. These typically involve filtering all your incoming email through an AI-powered service that looks for signs of fakery afoot. If an email you receive triggers machine suspicions, you’ll get a warning to run, not walk, to the nearest exit. These platforms can also analyze your email opening-and-answering habits to let you know whether scam artists are likely to consider you an easy mark.
A password manager.
On top of that added layer, start using a password manager. It’ll spare you the need to create unique passwords for the dozens of online accounts, thereby eliminating the dangerous temptation to recycle the same password over and over. The password manager automatically generates random passwords for each online account — no two passwords are ever the same or even similar. Password managers also encrypt those passwords for greater security.
Automatic, frequent backups.
Backing up your files also counts as an additional layer of security. You could do it manually, but I have found through 17 years of helping lawyers with their IT that this approach invariably fails. It is better to use a service that automatically and frequently backs up your data, ideally to a cloud-based, third-party service provider.
It’s a Law Firm’s Duty to Beef Up With Multi-layer Security
To recap, one layer of cybersecurity is good, but it’s no longer enough. You need additional layers of security to protect you from today’s data loss threats.
The good news is that beefing up your computer’s security is relatively simple, relatively painless, and a relative bargain considering what’s at stake.
As a lawyer, you must take all possible measures to protect the client-attorney privilege, and you have an ethical duty to fulfill that requirement. Fortifying your data with multi-layer security is a smart way to satisfy that duty.
Do you need help finding a reputable Managed IT Services provider for your Law firm? Contact us today for a free consultation. Our team of Outsourced IT Support experts can help you find the best managed IT provider for your needs.