A guide to stronger passwords for lawyers
November 22, 2019 in Security
By: Lorita Ba
Cybersecurity and data protection may not be at the forefront of most lawyers’ minds, especially with pressing deadlines, evolving laws and ongoing work with clients — but that doesn’t mean it should be neglected. Data breaches can have serious consequences, especially when it comes to protecting confidential information at your law firm. According to the Breach Level Index — a database responsible for tracking breach statistics — nearly 5 million data records are lost or stolen every day. With personal client data at risk, taking the necessary precautions can prevent firms against a breach and keep their reputation intact. As having strong passwords can be the initial step in protecting your firm, here are five tips for making sure they are hard-to-crack:
Consider using a password manager
Password managers, like 1Password or LastPass, create unique passwords for all of your accounts. Consumer Reports notes that while there has been growing encouragement across the web to create stronger passwords, there has been no guidance on how to manage them, which means they’re often reused for many different accounts. Cybercriminals will exploit these vulnerabilities. With a password manager, all you need is to create one solid, complicated password that’ll be used as your master key — once you have that created and memorized, the password manager will do the rest for you.
Long and complicated is best
Hackers are familiar, as are you, with the quick and easy picks for log-in credentials. “Password123” is not a viable password, nor are the names of your children or pets. Despite years of advising against it, variations of the word “password” remain one of the most common picks out there. Out of 130,000 passwords analyzed by cybersecurity company Rapid7, 4,000 of those included the word “password,” says Consumer Reports. While unique characters and uppercase letters can be useful for strengthening passwords, length may be the most important aspect of creating a solid line of defense. Once you have a range of 12-15 characters, hackers are much less likely to be able to guess their way in, reports Wired. Avoid simple patterns or pop culture references, and mix it up — or better yet, make up your own phrase and include special characters.
Recycling is bad for passwords
This is where a password manager can really come in handy. Researchers discovered that 2.2 billion stolen email and passwords had been posted online, aggregated from years of data breaches across various websites. That means that using the same password for your favorite blog and your bank account could put you at serious risk.
Embrace two-factor authentication
With 62% of Americans using two-factor authentication, it’s becoming a much more commonplace practice throughout the internet. 2FA often involves entering added verification sent to a smartphone, a one-time code, along with your password. By using the multi-step process, which consists of a proof of knowledge (like a password) and physical proof (like having your phone by your pocket), you’ll be ensuring a more trustworthy, secure process that your clients will appreciate, says Law Technology Today.
Change can be a good thing
While updating passwords too frequently can lead to forgetting them — and getting increasingly less creative with adjustments — it is important to remember that the longer a password is used, the more likely it has been deciphered by a hacker. If you hear that a company has had a security breach, one that you’ve used, change your password (even if you’re not sure if it affected your account). Also, if you have accounts that have gone untouched for a while, delete them. This can avoid your log-in credentials getting breached, just because of an old AOL account you had years ago.
In the digital age, it’s vital for everyone to do their best to stay a step ahead. Hackers are becoming smarter, which can be risky for your law firm if not properly secured. Start by taking measures to have strong, complicated passwords. However, if you’re looking to take it a step further, consider utilizing cloud technology for further data protection. The Afinety Cloud Platform is designed specifically for law firms by law firm experts.
To learn more about moving your network, and the data protection of the cloud, click here.