How to Secure Your Firm’s Website
BY Justin Torres
LISTEN
Too many attorneys leave themselves open to threats and hackers.
A common misconception is that online security is a technological problem, but in reality, it is a management problem.
Let’s get physical
The first line of defense for any law firm is physical security. Attorneys and staff assume that a firm’s internal network is secure enough to share and store sensitive files, as if they were photos from the company picnic. A single computer inside your firm’s network can download keystroke loggers and other malware that will cause trouble for months to come.
Staying away from personal email and social media accounts while in the office greatly reduces the chances of clicking on a deceptive link. Placing your computers behind a firewall can prevent outsiders from snooping your network, but can also be rendered useless by user error. Some professionals include email disclaimers asking that accidental emails be deleted, but no such enforcement actually exists. Avoid public wifi hotspots whenever possible. Traffic across these networks is often sent unencrypted, allowing your sessions to be hijacked with just a few clicks.
All computers should have a fresh install of a modern operating system with the latest patches applied. In addition to being illegal, pirated software should be avoided because it may be packaged with backdoors and viruses. Microsoft Security Essentials and avast! are just two examples of powerful security utilities that should provide enough protection against the bulk of shady internet activities.
Your password is probably "password"
No online service is immune to intrusions. A search for "password leak" will show hundreds of companies in the past year that have become victims of hacking. Researchers analyze the lists of passwords that are leaked for trends, and the results are hardly ever surprising. While most web sites will obfuscate passwords when saving them, dictionary words, profanity and sequential number passwords take merely minutes to crack using the processing power of a tablet device.
For frequently-used accounts, the challenge is creating a password that is both secure and difficult to forget. One method of creating crypto-logically, sound passwords that are easy to remember is to combine four unrelated dictionary words to make a nonsense phrase such as “pizza meter disco gravity.” If a cracking computer was guessing 1,000 passwords a second, it would take 550 years to crack your password, compared to the three minutes it would take to crack “p4$$w0rD.” The best part is you already remembered “pizza meter disco gravity,” so it does not need to be written down.
It’s highly recommended that you use different passwords for each of your most important online accounts, never share your password with anyone, and phase out the use of weak passwords.
Your web site should be a web safe.
When a firm wants to create an online presence, the design, marketing strategy and content all factor into what capabilities the website will need to have. With countless proprietary and open source web solutions in existence, some firms try to re-invent the car by commissioning a custom web system to fit their exact needs. Almost certainly, within a year the site will be obsolete, no one will know how it worked in the first place, and there will be talk of replacing it again.
Open source software is generally believed to be less secure than proprietary or custom written software, when the opposite is actually true. Content management systems, or CMS, such as WordPress and Drupal, are free and continuously have their source code scrutinized by thousands of code-savvy individuals and professionals. There are huge communities of developers that extend the functionality of these content management systems so they work for a majority of needs.
When maintaining a site, there are three crucial rules that should always be followed:
- Keep privileges to a bare minimum - Limit staff and clients permissions to the lowest settings that they can get by with.
- Document everything, always - Poor documentation is the bane of any programmer working on another programmer’s code.
- Always stay up to date - When an exploit is discovered and then patched, web sites running older versions become targets almost instantly.
There is no such thing as perfect security, but a few good habits can bring peace of mind.
LATEST STORIES