Spring Clean your IT security
It’s that time of year again when the spring flowers are blooming and the spring clean is being planned. You may not have considered a spring clean of your IT security knowledge or of your corporate network security. So, we have put together a few quick tips to help you remain safe online and tidy up your corporate access.
Leavers Process
It’s easy to get lost in a checklist when someone leaves your organisation. So much of our day-to-day lives are now online, and individuals will have accounts and sign-in credentials for numerous websites, portals, and systems. With the rise in working from home, knowing where your equipment is and what it is being used for is even more important.
- Are you certain that all the credentials relating to your previous employees have been disabled?
- Is their email address still active?
- If you use The Cashroom can the leaver still access the Cashroom Portal?
- Can they still access your CMS/Bank accounts/other software remotely?
- Do you have an accurate asset register, so you know what equipment is in people’s homes?
- Are you able to remotely manage your devices in case of theft or other mishap?
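The questions above can be answered systematically rather than from memory. The following Python script is an added illustration (not Cashroom code) of a leavers audit: it cross-checks an HR leavers list against account exports from each system and the asset register, and reports accounts still enabled, logins recorded after the leaving date, and equipment not returned. All names, systems, dates and asset tags below are constructed sample data, not real records.

```python
from datetime import date

# Constructed sample data for illustration only.
# Leavers list as HR might supply it: username -> last working day.
LEAVERS = {
    "j.smith": date(2022, 3, 4),
    "a.patel": date(2022, 2, 18),
}

# Account exports from hypothetical systems: one row per user per system.
ACCOUNTS = {
    "email": [
        {"user": "j.smith", "enabled": True, "last_login": date(2022, 3, 20)},
        {"user": "a.patel", "enabled": False, "last_login": date(2022, 2, 17)},
        {"user": "m.jones", "enabled": True, "last_login": date(2022, 3, 28)},
    ],
    "case_management": [
        {"user": "j.smith", "enabled": False, "last_login": date(2022, 3, 1)},
        {"user": "a.patel", "enabled": False, "last_login": None},
        {"user": "m.jones", "enabled": True, "last_login": date(2022, 3, 27)},
    ],
    "finance_portal": [
        {"user": "j.smith", "enabled": True, "last_login": date(2022, 2, 10)},
        {"user": "m.jones", "enabled": True, "last_login": date(2022, 3, 25)},
    ],
}

# Asset register (constructed): which laptop is in whose home and whether it came back.
ASSETS = [
    {"tag": "LT-0042", "assigned_to": "j.smith", "returned": False},
    {"tag": "LT-0017", "assigned_to": "a.patel", "returned": True},
    {"tag": "LT-0101", "assigned_to": "m.jones", "returned": False},
]


def audit_leavers(leavers, accounts, assets):
    """Return one finding per unresolved item for every user on the leavers list."""
    findings = []
    for system, rows in accounts.items():
        for acct in rows:
            left_on = leavers.get(acct["user"])
            if left_on is None:
                continue  # current staff member, nothing to check here
            if acct["enabled"]:
                findings.append({"user": acct["user"], "where": system,
                                 "issue": "account still enabled"})
            last = acct.get("last_login")
            # A login after the leaving date means the credentials were used
            # (by the leaver or by someone else) after they should have been disabled.
            if last is not None and last > left_on:
                findings.append({"user": acct["user"], "where": system,
                                 "issue": "login after leaving date"})
    for asset in assets:
        left_on = leavers.get(asset["assigned_to"])
        if left_on is not None and not asset["returned"]:
            findings.append({"user": asset["assigned_to"], "where": asset["tag"],
                             "issue": "equipment not returned"})
    return findings


def unresolved_users(findings):
    """The set of leavers who still have at least one open item."""
    return {f["user"] for f in findings}


if __name__ == "__main__":
    for f in audit_leavers(LEAVERS, ACCOUNTS, ASSETS):
        print(f"{f['user']:10} {f['where']:16} {f['issue']}")
    print("leavers with open items:", sorted(unresolved_users(audit_leavers(LEAVERS, ACCOUNTS, ASSETS))))
```

Run against the sample data, the script reports nothing for a.patel (every account disabled, laptop returned) and four open items for j.smith, including an email login sixteen days after the leaving date, which is exactly the situation the checklist is meant to catch. In practice the account exports would come from each system’s user-list export and the leavers list from HR, and the audit would be run on a schedule rather than once.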
Cyber Attacks
Cyber-attacks are getting increasingly complex, and fraudsters are always developing new strategies to try and separate you from your sensitive information. It is important that you don’t succumb to paranoia, but everyone should always try to remain vigilant when it comes to IT security.
- Be wary of spam and suspicious emails – this includes emails that look like they are from someone you normally communicate with, but the content may be asking for something out of the ordinary.
- Only open an email attachment or click on a link if you’re 100% certain of its source & you were expecting it. If you’re unsure, don’t open it.
- Look out for changes to phone numbers, email addresses and bank account/payment numbers etc. Don’t be afraid to double check any changes with the email sender but call them at a number you know exists or begin a new email chain from scratch. Don’t click reply or use the details in the suspicious email – you may end up “verifying” the change of details with the fraudster!
- When accessing the internet, check the web address has “https” in front of the address (sometimes shown with a padlock icon). The “s” means that your connection to the site is encrypted; a fraudulent site can also use https, so this alone is not proof that the site is genuine. Also check that the address is spelt correctly and is the usual web address that you use for that site.
- We are always told never to reuse or write down our passwords. Have you considered investing in a password manager, which can securely store and remember your passwords so that you can use a unique and complex password every time you need one?
Social Engineering
Social engineering is an increasingly common type of confidence trick used for information gathering, fraud, or system access. Fraudsters know we are savvier when it comes to dodgy-looking email attachments, so they are now playing on our personalities and common human foibles. They rely on people wanting to help each other out, or take advantage of our natural curiosity.
- One example of a social engineering trick is a fraudster sending an official-looking announcement to the company saying that the help desk number has changed. When employees call the new number for help, the fraudster asks them for their user IDs and passwords, thereby gaining access to the company’s private information.
- Another example would be a hacker leaving a USB stick on the floor in or around your office, possibly labelled “cute puppy pictures”, “2022 promotions” or “payroll data”, hoping someone will pick it up and plug it in to see what is stored on it. Malware on the stick can then be installed on that computer and spread to the wider network.
Two-factor authentication
Two-factor authentication is recommended by the National Cyber Security Centre for use on important accounts and email. Utilising two-factor authentication adds an extra layer of security to your accounts and makes it harder for cyber criminals to access them, even if they have obtained your password.
- Two-factor authentication can be done through authenticator apps, where the app gives you a unique code each time you log in.
- You can use your phone number where the account will send you a text code or ring you to verify it is you.
- Using two-factor (2FA) or multi-factor authentication (MFA) also helps your firm meet requirements such as those under GDPR. This is particularly important as law firms are subject to strengthened confidentiality obligations because of the data they hold.
- Software providers and companies are increasingly asking customers to use multi factor authentication (MFA). Do any of your systems allow this?
Backup
Law firms of any size hold valuable and sensitive information that can be exploited by cyber criminals. You should ensure you are backing up your firm’s data to secure servers. This includes all firm data, such as client and case data.
- A common way to back up firm data is through the cloud, where a copy of all data is sent to a cloud service, either in real time or periodically as files are uploaded. This provides extra security and protection for your data.
Reviews
Conduct and plan regular reviews of your IT security and ensure everyone in the firm is aware of your policy.
We hope that this “spring clean” list is of some use. Obviously, this isn’t intended just for springtime. You should use these tips throughout the year to ensure that your systems are constantly reviewed. Check your IT security is working well for you and your business.
For more information on cyber-attacks, social engineering and how to keep your firm secure, please contact your IT provider.
For all Cashroom clients with leavers please contact your Cashroom representative if you have any staff that need removing from the portal. If you would like more information on how to do this yourselves, please refer to the portal help icon. In the Help Centre, you will find articles on how to add a new user and how to disable a user.
Rachel Faris, IT and Data Protection Administrator at The Cashroom Ltd