2020 encouraged businesses to think outside the box and use technology to their advantage. Whether this was to move a business to a remote working and flexible environment or adapt services and process online for easier access and availability, businesses had to move quickly to reduce any impact from the pandemic.
Legal companies have therefore been presented with a unique challenge to adapt quickly while remaining secure. Here are 10 security practices you can implement in 2021 to assist with this challenge.
Keep software and products updated with the latest installations and patches. These will help to ensure that the products and software you are using across your business are secure with the latest security updates.
2.Plan ahead – Risk & Incident Management
Look to the future by developing and implementing risk & incident management processes and protocols within your business, specifically for data protection and security. Use a security lifecycle to help continuously develop and improve the security within your business. We recommend working closely with your Data Protection Officer (DOP) to create these practices and policies.
3.Start within – Network Protection
Only install trusted apps/software and secured devices to connect to your network. We also recommend managing the privileges of everyone who has access to your network and add an additional layer of protection by installing firewalls and antivirus software to protect your network.
4.Protect Sensitive Information
Make sure you know where all your data is located and secured – watch our webinar ‘Where is your data?’ to understand how you can protect your data and recover after a security breach. Back up all your data on a regular basis to a trusted and secure source. This will help to recover any lost data in the event of a data breach and get your business back up and running.
Continue protecting your data by using secure passwords. We recommend using a passphrase and storing your passwords in a password manager. Click here to find out more about passphrases and how to create yours.
5.Connect to your business securely
Sometimes you need to complete a piece of work as quickly as you can using the items available. To ensure your company remains protected, issue secured devices to all your employees or work with your employees to secure their own devices including mobile phones, tablets and laptops, by using services such as Multi Factor Authentication (MFA) and Two Factor Authentication (2FA). This means that no matter where your employees are working from you can rest assured that the devices, they are using are working to protect your data and company.
However, be aware that these devices could be accessed when connecting to unsecure networks such as public wi-fi. We recommend setting up a VPN for your staff and clients to use which will help to ensure that all your information is kept secure when connecting to any insecure wi-fi access points.
*If you cannot connect to a VPN, never submit personal or company data when using an unknown network and if you are unsure, opt for using your data or wait to connect to a known secure network.
6.Be careful what you click
Avoid clicking or downloading anything from an unknown website, email address or stranger link. Nowadays we are bombarded with emails which contain documents, files, images, videos and more. It is incredibly easy to quickly hit download but always take a moment to check who is contacting. An email address should match the sender’s name and be spelt correctly with a known domain used.
Services such as Dropbox, Microsoft OneDrive, iCloud for Business, ShareFile and Google Drive can offer a safer alternative to safely share files both internally and externally in your business. (Find out more about the best cloud file sharing technology for legal here).
If in doubt and you are ever unsure about who the true identify of a sender is, always ask the sender directly and do not reply to the email or download the attachment.
7.Follow our website check list when visiting new sites
When visiting a new website check the following before submitting any details:
- Does the URL of a website begin with ‘https://’? - this helps to identify if the site uses secure encryption to protect your data in transit.
- Check the URL address is spelt correctly i.e. co.ukand NOT www.amozon.co.uk.
- Reviews can help you to spot any inconsistencies when purchasing from a website. Where possible use trusted brands and a known payment method i.e. PayPal or Visa options?
8.Should this be public? - Working on the go
As we enter 2021, we expect that more people will be working on the go to fit with a flexible workstyle. This may mean that you find yourself working on public transport, in a coffee shop or on a client’s site. If this is the case, make sure to be mindful of your surroundings. Is your conversation actually private or is there a potential for sensitive information to be overheard? It is worth being especially cautious when using video chats and screensharing – make sure the viewer is only seeing the information you want them to see.
Additionally, for those social butterflies in the company, we recommend developing a Social Media Policy as a guideline for staff to refer to when posting company focused content online.
9.Know who to report incidents to
If you are unsure if something is safe, always ask. Make sure all staff and clients know who they can report incidents or queries to when regarding your businesses IT security. All staff should be aware of who your Data Protection Officer (DOP) is and the process to report any security breaches or issues. It is always best to speak up if you believe something may be a security risk to help protect you, your colleagues and your clients.
Cyber-attacks and incidents can happen to anyone so it’s important to remain resilient. Educate both your staff and clients on the latest security recommendations and how to stay cyber aware. There are many services available to help teach your staff the best security practices – use this information together with your own security processes to keep your staff and clients well informed and reduce the impact of human error.
Start improving cyber security at your legal business today and if you would like more information about how you can secure your company call us on 020 7036 5830 or email us today.