2016-05-17

From generating 15-digit passwords to encrypting your devices and setting up mobile office cameras, we compiled a comprehensive security checklist to help you improve your law firm’s security and keep your clients’ information safe.



1. Protect your passwords using LastPass

Every lawyer and law firm needs to keep track of numerous passwords, which becomes increasingly overwhelming. What tends to happen is that they just use the same 3 variations of passwords for each site – NOT the best way to be doing things! If someone gets hold of just 1 password, you can imagine the damage they could do.

That’s where LastPass comes into play. Its cloud-based plugin can generate extremely secure passwords for each site and remember them for you automatically using your Master Password (make sure this one is very secure). An example of an auto-generated password is “d2erq!2321e$#AdfKs0!”. You get the idea. If you have a firm, you can even choose to share certain passwords with other partners or paralegals. The best part is – they will be able to log in to those sites, BUT they will not be able to see what the actual password is.

More info:

LastPass.com

2. Enable two-step authentication for Gmail.

To ensure your email account is protected, you should consider enabling two-step authentication to add an extra layer of security to your account. The way this works is that when you sign in with your normal email address and password, a verification code is sent to your phone to ensure that you are the correct owner of the account.

More info:

Two Step Authentication for Gmail

Two-Step authentication for Outlook

3. Use Box, as it’s HIPAA compliant.

Box.com offers a secure way to keep all of your files in one place so that you can access them anywhere from any device. With enterprise-level security and HIPAA compliance, Box.com allows you to protect your confidential documents online at the highest security standards.

More info:

Box.com Security Features

4. Use LawPay as a secure payment processor

LawPay is a legal payment processing company built specifically for attorneys. They help attorneys accept trust account payments and take the fee from the operating account. LawPay is the most trusted and recognized merchant processor approved by the ABA. They offer PCI Level 1 Certified Fraud protection so you can ensure that your online payments are secure.

More info:

LawPay.com

5. Enable 6-digit passcodes even the FBI can’t crack.

Using a 4-digit passcode to secure your smartphone is standard practice. However, if you want to take extra precautions and give the information on your phone an extra layer of protection, you should think about enabling a 6-digit passcode. If you have an iPhone running iOS 9 or later, you can enable 6-digit passcodes that make your phone nearly impossible to crack.

More info:

How to set up a 6-digit passcode on iPhone iOS 9

6. Enable BitLocker encryption

According to the official Microsoft site, Windows BitLocker Drive Encryption is a new security feature that provides better data protection for your computer by encrypting all data stored on the Windows operating system. So if anyone steals your laptop or takes the hard drive out, they can’t access the drive.

More info:

Windows BitLocker Drive Encryption Step-by-Step Guide

7. Make your website domain private, unless you want anyone to find your home address, personal email, and cell phone.

According to networksolutions.com, when you buy a domain name, your registrar is required by ICANN to enter your contact information – including your name, physical address, email address and phone number – in its WHOIS database, a searchable directory that holds contact information on all of its domain name registrants. This personal information is available, free of charge, to any member of the public who decides to check domain names in the registrar’s online WHOIS database. To protect yourself, consider contacting your domain registrar and asking about making your domain private. They will typically offer this service for about $10/year, and it is a must if you consider online security a priority.

8. Lock your WordPress site down with the Wordfence plugin.

The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware. According to their website, Wordfence is powered by the constantly updated Threat Defense Feed, which is a firewall that stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Their Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. Wordfence is free for the basic setup, but they also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing and will even check if your website IP address is being used to Spamvertize.

More info:

Wordfence.com

9. Nest Dropcam – Mobile Security camera in your home or office

The Nest Dropcam is a very useful tool to look after your office and sensitive files even when you’re away. Nest Cam can use your phone’s location to know when you’re away, so when your employees leave the office, Nest Cam will know to turn on automatically. And with 24/7 live streaming, advanced Night Vision, and motion and sound alerts, Nest Cam helps you look after your office from anywhere.

More info:

Learn more about Nest Cam

10. Privacy screen on your laptop when traveling.

When you travel through public areas like airports and train stations, you don’t want strangers peeking at your sensitive information. To help prevent that, consider buying a privacy screen to protect sensitive data and increase text and image clarity. Privacy filters can easily be placed on laptop screens and enable only the person looking directly at the screen to see what’s there.

More info:

Buy a Privacy Screen on Amazon

11. Check for https or the secure icon on the top left when entering credit cards on websites.

Whenever you enter your credit card information on a website or app, make sure you see the “secure” icon badge on the top left. Some of the most popular companies that offer online security badges are Norton, McAfee, Truste, and the Better Business Bureau. Keep in mind that if the website you are on is missing a security badge, that site might not be protected.

12. Do NOT send confidential emails and messages to your clients. Use secure encrypted messaging with client portals.

Attorneys need something more secure than email. If you are serious about security, you should consider communicating with your clients by sending encrypted messages through a secure client portal. Through the portal, clients can securely view their invoices, previous payments, operating and trust account balances and messages without ever having to worry about information getting into the wrong hands. If you want to send documents securely without having to use email, simply attach any documents or files you wish to share and send them to your clients within the client portal.

More info:

PracticePanther.com/client-portal

13. Use SnapMail to send self-destructing emails

If you choose not to use a client portal for secure messaging, you can use an app called Snapmail. With Snapmail, you can write a message within Gmail and that message will self-destruct 60 seconds after the recipient opens the link. This ensures that sensitive information never remains unprotected.

More info:

SnapMail.com

About PracticePanther Security

Meet Ori Tamuz, the CTO of PracticePanther.com. As Ori spent 3 years in the elite cyber intelligence unit in the army, law firm security is his highest priority. Now, enjoy the freedom and peace of mind knowing that you can securely run your firm from anywhere in the world. Schedule a demo today and get 50% off your first 2 months using coupon code “ATL50”.

The post The Ultimate Security Checklist for your Law Firm appeared first on Law Practice Management Software | PracticePanther.com.
