I speak to students at NCCU School of Law every semester about cybersecurity for their practices. I start with the supposition that they will be starting a solo practice. They will be using a new or relatively new computer and new law practice management software. I also assume they don’t know a lot about cybersecurity.

I tell law students that just because you are a solo working from an office at home doesn’t mean you are immune to hackers. Hackers look for cracks in systems of any size, and the “small guys” are sometimes favored as launching pads in “island hopping” and supply chain attacks. A security breach can be the death knell of firms of all sizes, including solos working from home.

Law students ask me about the cyber threat from working in public places like coffee shops. I recommend they use a VPN to encrypt and tunnel their connection to the Internet, along with encrypted email, encrypted messaging, keystroke encryption, and encrypted data storage.

Your Network

Most likely you will connect to a home network that may have everything on it from a washer/dryer to the thermostat. Home networks are places where cyber threats may be lurking. People buy something and immediately attach it to the network, which puts them at risk. It may be the network you get from AT&T, Spectrum or one that is being used by your family. Either way, IoT (Internet of Things) devices add vulnerabilities to your network.

I suggest that you create a new and separate network for your practice’s information system.

If you are working from home or working remotely, you need a computer system that is current and supported by the manufacturer, so that you can get downloads and updates from the manufacturer to keep it secure. You’ll also need to go down the list of other software packages on that system, whether it is a Mac, Windows or Linux machine, and maintain all of them with regular updates.

Don’t use a home router. You should have a dedicated system and your own network with cybersecurity protections in place.

The level of cybersecurity you need will depend on your practice’s area of expertise. A lot of attorneys with new practices will take on a variety of cases. If you are going to be handling personal injury claims, you are likely to have a client’s medical records, so you are subject to HIPAA regulations, which come with their own cybersecurity requirements. Even if you have something as basic as a client’s credit card, you hold their Personally Identifiable Information and are required to protect it from hackers.

DIY?

I suggest you begin with the help of a cybersecurity professional to get you started on the right foot and create the architecture for a healthy and sustainable system.

There is an endless amount of information online about setting up your own cybersecurity for your firm.

Can you try to do it yourself? Absolutely, but there is a high probability you won’t do everything correctly or efficiently, and that shortens the time before you could get hacked. You’ll spend a lot more money doing things wrong, because you’ll constantly be cleaning up the resulting fallout. You’ll make it easier for a hacker, and you won’t know you’ve been breached until after the cyberattack has already occurred. Did you know that one computer can include 60,000 ports? These can be access points for bad actors.

The first step I suggest is online education about cybersecurity. Companies like ours offer online security awareness core training that includes security awareness training and testing. The training looks at current scams, vulnerabilities, phishing campaigns, social engineering efforts, and emerging malware threats. Knowledge is the front line of defense against hackers and cybersecurity attacks, as most often they are completely preventable.

The post Cybersecurity for Law School Grads and New Firms appeared first on Attorney at Law Magazine.

Craig Petronella

Craig Petronella is the founder of Petronella Technology Group, Inc. (PTG), an internationally trusted IT cybersecurity and compliance consulting group with over 30 years’ experience helping federal contractors and businesses with cybersecurity and compliance regulations, and whose patented 22-layer systems cover your People, Processes and Technology.

Craig is an Amazon #1 Best-Selling Author of many books, including “The Ultimate Guide To CMMC”, founder of the podcast Cybersecurity and Compliance with Craig Petronella – CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001 https://petronellatech.buzzsprout.com/ and is an MIT Certified Professional in AI, Blockchain, Cybersecurity and Compliance.

Almost all of Craig’s clients are earned by referral with little or no advertising, and he is well-known and highly-regarded in professional circles throughout the US, after serving as compliance consultant and conducting onsite risk assessments for over 500 medical practices, hospitals, and business associates across the country.

Continuity of your business operations starts with cybersafety.

PTG provides Cybersecurity & Compliance Consulting Services, including:

We help defense contractors, medical practices, law firms and various businesses that are regulated comply with ANY regulation, including:

  • CMMC
  • DFARS
  • NIST 800-53 & 171
  • HIPAA & HITECH
  • SOX
  • All ISO & SOC levels
  • & Many More…

We serve customers across all sectors in public & private organizations. We understand that each industry and organization has unique IT challenges and our expertise enables us to help you navigate the regulatory mandates and customize a solution tailored to your needs.