One aspect of law firm marketing that your firm may not have given much thought to is information security. However, according to recent studies, hacking and other breaches of information security are actually costing companies over $1 billion every year. You can't afford to be the next victim of information security leaks. In this guide, we'll look at how you can implement an online marketing plan without risking an embarrassing or costly hacking incident.
#1: Have Longer, More Secure Passwords
This seems very easy, but when vast password leaks happen, it invariably turns out that the most common passwords are incredibly insecure—things like “12345,” “password,” and “Password.” If you're not yet using very secure passwords, consider that even adding a few additional characters to the end of your password can make it substantially more difficult to break.
Many services today will actually limit your password choices, trying to ensure that you choose a password with enough special characters and numbers that it will be difficult for a hacker to guess. However, you should also make sure that your longer password is something you can remember easily. One of the best ways to make a password that is both secure and easy to remember is to abbreviate a sentence that you'll remember for a long time. It can be a saying, a favorite movie quote, anything—just use the first initials of each word, perhaps substituting an occasional number or special character where you feel they'll be memorable (like 1 for I, and so on). For example, “Life isn't fair, it's just fairer than death, that's all,” becomes “l1f1jftdta.”
#2: Use Secure Software
How do you know if the software you're using is secure? It's not always easy to tell. In general, the more commonly used a piece of software is, the more likely it is to be secure—but the more likely it is that hackers are trying to find their way around its security systems. You can deal with this issue in two ways: use programs that are less common (a solution commonly called “security through obscurity”) or only use programs from companies that have good track records of keeping data safe.
#3: Avoid “Social Engineering” Hacking
Even if you have fantastic passwords and great software, they might not be enough to save you from a breach if a social engineer comes to your workplace. These are hackers who specialize in charming others and in some way misrepresenting themselves in order to gain access to your data. The best way to avoid social engineering hackers is simply to be aware of their existence. Make sure that any staff who have been given your social media passwords know about these hackers, and that they understand no passwords are to be given to anyone without authorization from specific people in your law firm.
A common guise for a social engineering hacker is as a tech support person from a company whose software you use. The hacker comes in, says they need to do some software updates or fix a computer problem, and simply asks for the password you took so much time coming up with.
#4: Keep Hardware and Software Updated
Even the most secure software can have occasional vulnerabilities that are exposed by either hackers or people working internally at the company to fix bugs. When breaches and vulnerabilities are discovered, companies develop software patches and driver fixes that can make their products run better while being less vulnerable to hackers.
If you're not routinely updating your hardware and software, including both software applications and your operating system, you could be setting yourself up for a serious information security breach. The higher the profile of your law firm, the more likely it is that a hacker could try to use a backdoor into your computer systems to obtain your data.
#5: Read Up on Information Security News
In order to know which software packages are most likely to remain secure and what the biggest topics in keeping your information safe are, you'll need to start looking into information security news. It may not seem like the most exciting topic, but having this understanding will mean that you're able to plug security holes faster and get through major security weaknesses involving widely used programs without having your data compromised.
For example, let's say that you find out that a new critical security flaw has been found in Java. You may choose to disable Java runtime environments on your computers until the flaw has been fixed and Java can be updated on your machines. While this kind of thing may seem like it takes time and hurts efficiency, the amount of productivity and money lost to a single information security breach is massive—keep in mind that an ounce of prevention is worth a pound of cure.
#6: Own Up to Mistakes and Leaks Right Away
Uh oh. The worst thing happened, in spite of all your efforts: you've been hacked. Your website's a graffiti-covered mess and you're not sure how much of your clients' data was obtained by the hackers. When something like this happens, there's a tendency in some companies to want to sweep it under the rug. However, things like this tend to come out—and when they do, you'll want to have been transparent the entire time. If you're seen as lying or trying to cover up the truth, you're going to risk losing a great deal of face and sacrificing a reputation for honesty and forthrightness.
#7: Use Different Passwords For Different Services
Too many people, once they have a password that “works” for most services, use that password over and over. The problem with this way of thinking is that when you operate with just one password, it only takes someone learning that one password to get into all of your accounts.
Make sure that each of the social networks you're using, as well as your website, has a different password. This will help ensure that even if someone manages to get hold of a password for your social media accounts, they won't have passwords for your automated emailing program.