Articles

Austin ALA Business Partner, TerminalB Presents

  

Law Firms Should Secure Accounts with Dual Factor Authentication…Now.

Cybercrime is on the rise. According to a 2018 report published by global cybersecurity firm McAfee, more than two billion online users have had their personal data stolen or compromised over the last few years. Approximately 780,000 records were lost, and 80 billion malicious scans took place in 2017 alone. One in 13 web searches leads to malicious pages and 68% of breaches took months or longer to discover. This will only get worse.

Details have been released of the first class-action lawsuit against a law firm for inadequate security measures. A complaint filed in April 2016, Shore v. Johnson & Bell, alleges that the law firm engaged in “systematically exposing confidential client information and storing client data without adequate security.”  “There is no evidence the client’s information was actually compromised – only that it could have been.”

Considering the current climate, it's no wonder that websites and applications are increasingly adopting Dual Factor Authentication (2FA) to better protect their users. Also known as Multi-Factor Authentication (MFA), this technology provides an effective layer of additional security for accounts. Popular services like Google, Salesforce, and Office 365 all use 2FA to protect their users and ensure that their private data doesn't end up in the wrong hands. In most cases, 2FA can be enabled for free and, according to Symantec, 80% of security breaches could be prevented with 2FA.

How Does Dual Factor Authentication Work?

In this digital era, having a strong password is no longer enough to keep your email and other online accounts secure. Cybercriminals are now using cutting-edge software to gain access to computers, web portals, and online banking apps. Dual Factor Authentication has emerged in response to these threats.

This technology uses several factors to secure your accounts. These include:

  • Something you know (such as a PIN number, secret questions, or passwords)
  • Something you have (such as a smartphone, laptop, voice, retina, or fingerprint)

Hackers may be able to easily crack your password to gain online access, but hijacking your mobile phone, for example, poses a considerable challenge for them. Compromises can still happen with 2FA in place, but they're not common.

Additionally, the latest authenticator apps, such as Authy, Google Authenticator, Microsoft Authenticator, and LastPass Authenticator, feature extra layers of security. Some will randomly generate six- or 10-digit codes that refresh every few seconds. This makes it a lot harder for cybercriminals to make their way into your system.

The idea behind this technology is that a second, or even third, authentication factor will compensate for the weaknesses of the other factor(s). The simple act of entering a code that you receive on your phone provides greater security than using a password alone.

2FA for Microsoft Office 365

The best way to understand how 2FA works is to use a real-life example. Let's take Office 365, for instance. In 2017, Microsoft began increasing its efforts to make passwords obsolete. The tech giant launched an app that completely eliminates the need to use passwords. Furthermore, users can turn on 2FA for all Microsoft services, including Office 365.

Once enabled, users continue to use Office 365 as usual. The difference is that they will have to enter the code received on their mobile devices to log in. Alternatively, an application like Microsoft Authenticator allows users to simply approve an alert on their personal cell phone as a second form of authentication, removing the need for a code at all. Most services that use 2FA offer a similar experience. With dual-factor authentication, you and your team will have peace of mind knowing that your accounts are secure and much less vulnerable to data breaches.

Why Not?

Again, in most cases, 2FA can be enabled for free. Even though logging into your accounts may take an additional step, it's worth the effort. Multi-Factor Authentication not only increases security, but it may also help law firms reduce their operational costs and maintain productivity in the workplace. Plus, you’ll have peace of mind knowing that you won’t have to deal with the embarrassment, hefty costs and legal repercussions of a data breach.

Terminal B is your trusted advisor on Dual Factor Authentication, Microsoft Office 365 and other technologies law firms rely on.

By Greg Bibeau

 

 

How would your firm survive a Catastrophe?


A managing partner once told me, “After my people, our data is our most valuable asset.” The value of data is undeniable. Unfortunately, so is its vulnerability. Critical information can be lost due to server malfunction, hackers, power surges, broken water pipes or any one of a hundred unpredictable disasters. Data backups are important, but they may not be enough.

What Is the Difference Between Data Backup and Disaster Recovery?

In a nutshell, data backups only store the information itself. While this is a crucial step, most companies require a range of different applications to function properly. For example, imagine if your server crashed overnight. You had the foresight to back up all of your clients’ information, but you had no access to email or accounting software. Without a disaster recovery plan, your firm could come to a grinding halt.  

In cases of catastrophic damage, it can take hours or even days to get everything back online. A proper disaster recovery plan can save you thousands of dollars in lost time, revenue, and opportunity. However, your plan must be in place (and thoroughly tested) before disaster strikes.

What Does a Disaster Recovery Plan Look Like?

Every firm is different, and so is every recovery strategy. It is crucial that your plan reflect what is important to your firm. Two important concepts to keep in mind are:

  • RTO - Recovery Time Objective: How quickly do we need to recover? Does your firm need to be back online in an hour, or in 24 hours? Faster is always better, but it is also more expensive. You can also narrow this down to certain services. For example, email is typically more critical than closed cases.

 

  • RPO - Recovery Point Objective: How much data can we afford to lose? Is a day fine, or just a matter of hours? We even have some firms set up where it is less than 15 minutes, but as with RTO, faster is more expensive.

 

The goal of any disaster recovery plan is to minimize RTO and RPO by bringing crucial systems back online as quickly as possible. For instance, if your company relies on email but the network is down, your plan may allow employees to start sending and receiving new emails within the hour. However, archived emails may not reappear for 8-24 hours. That’s why it is important to prioritize which programs and information are most important to your company. 

Outside of RTO and RPO, there are other key factors to consider:

  • What data needs to be protected, and how quickly does it need to be recovered?

  • What is our budget?

  • How would you notify employees or clients about an outage (if traditional communication was unavailable)?

  • In the event of a facility disaster, things become more complex. How will our employees work? From home or another location? Where can our attorneys meet with clients?

  • How often should you test your disaster plan to make sure it’s working?

Remember, the right contingency plan can make or break your business. It is possible for companies to develop the plan in-house, but there are proven benefits to consulting a professional legal technology firm like Technology Pointe. We can help determine what kind of services you need and, more importantly, help develop a plan that will scale and grow as your firm does.

by Dustin Bolander