Why Employees are the Biggest IT Security Threat for Law Firms

Posted by Mark Jennings - February 13, 2017 - Secure Print, Legal

Your firm’s employees are good people. You hired them, you vetted them, and you know them well. But good people sometimes make inadvertent mistakes. Though they rarely have malicious intent, employees are some of the most vulnerable intangible assets when it comes to cyber security.

Most often, employees can’t be blamed for their IT mistakes. Just as you educate employees about the way you run your firm, you must also educate them about cyber security. Despite a reliance on technology in business and in our daily lives, few people have ever truly been taught how to recognize IT security threats—and that can lead to costly mistakes.

In law firms, everyone from partners to administrative assistants should be trained in IT security best practices in order to prevent cyber-attacks, data loss, and other costly networking mistakes. 

Here are a few of the most important cyber security procedures all employees need to learn:

Recognizing Phishing

Phishing scams are designed to trick people into providing valuable information. The most common type of phishing attack that a law firm might experience is an email scam. Employees receive emails that appear to be from legitimate sources, but the real purpose of these emails is to trick people into providing sensitive information.

Phishers try to convince people to install malicious software or hand over information under false pretenses. Law firms need to train—and test—their employees in order to prevent phishers from gaining access to this information.

Creating and Protecting Passwords

No doubt your law firm uses several applications, such as email or practice management software, in order to facilitate your work. Proper password management isn’t always common sense; employees actually need to be taught best practices for creating and protecting their passwords.

Password awareness should include the basics such as how to create a secure password, never writing a password down, and changing passwords every few months.

Recognizing Social Engineering

Social engineering is a form of business attack that could be called a “con job.” It involves manipulating people to get them to break normal security procedures, often appealing to their willingness to be helpful. For example, the attacker might pretend to be a coworker who has some kind of urgent problem that requires access to additional network resources.

In order to avoid social engineering attacks, law firms need to have clear security procedures in place. These procedures should include defined outlines for exactly who has access to which pieces of information.

Following IT best practices goes beyond using the latest technology at your firm; it’s about staying ahead of risks and disasters that have the potential to bring your company to a screeching halt. While your employees may have the best intentions, they need education in IT best practices and cyber security procedures in order to help make your law firm truly secure. To start implementing better IT security best practices at your firm, contact SymQuest today.


About the Author

Mark Jennings

Mark Jennings is SymQuest’s Area Vice President of IT Sales. Jennings works with SymQuest’s sales and service teams to educate customers on current best practices around data protection, disaster recovery, security, and overall technology planning.
