Happy New Year!  I am not accustomed to writing and typing 2017, yet here it is, 2018!  As a technical consultant and owner of a Computer Networking & IT Solutions firm, I spend a great deal of time thinking about IT technologies and solutions for small to medium-sized businesses.  I also spend a great deal of time educating my clients about the types of cyber security exploits that exist and implementing solutions to protect their PCs and computer networks against these threats.

Unfortunately for all, cyber security exploits and threats are not going away in the new year.  There is not just one product to protect you from them.  There are many steps you must take.  The good news is that over the past few years, many PC users have learned about these exploits and are changing their behaviors when opening emails and browsing the internet.  Behavior change is a very big component of combating cyber security threats.  You just don’t want to become robot-like and blast through email.  You must Stop, Think, Process, and Question the validity of emails.  In other words, slow down and think before clicking!

One of the security technologies on the rise for small to medium-sized businesses is two-step authentication, also called two-factor authentication or multi-factor authentication.  Two-step authentication adds a secure layer for remote access to the office PCs, servers, and data by utilizing a verification method with a cell phone or smartphone the user has in their possession.  Two-step authentication requires a user to enter the username and password, and then a verification message is sent to the cell phone for approval.  The bad guys are kept out, even if a password has been compromised.  Another security technology that adds a further secure layer is a secure mobile access (SMA) appliance.  The secure mobile access appliance is used on a computer network to verify the permission of the mobile devices (PCs, laptops, tablets) that have remote access to the computer network.

In the December 2014 edition of the PA Family Lawyer, I wrote an article, “IT New Year’s Resolutions for 2015.”  Many of you have implemented improvements towards “best practices” for computing, along with cyber security practices.  Hopefully, you will look at my IT Resolutions for 2018 and think to yourself, “I have already implemented that one.”  The list consists of easy-to-implement, inexpensive ways to protect your PC and client data.

Here are my top 10 IT New Year’s Resolutions for 2018.  Please repeat after me…

  1. I will change my password every ninety days, make it at least 12 characters in length and make it strong with uppercase letters, lowercase letters, symbols, and numbers. I will not write my password on a post-it note and stick it to my monitor!
  2. I will use a passcode, fingerprint, or face ID on my smartphone, which will automatically encrypt my data on the phone and be used to unlock the phone.
  3. I will not open email from an unknown sender, and I will not click on a link or attachment within an email from an unknown sender.
  4. I will make sure that I have updated anti-virus software on my PC and/or laptop (a paid anti-virus software subscription, such as Bitdefender, Symantec, or McAfee).
  5. I will apply all of the latest patches and updates from Microsoft or Apple to my PC or laptop on a monthly basis.
  6. I will make sure that I have an on-site and off-site backup of my data, and I will perform an annual test restore of the off-site backup.
  7. I will use a business-class firewall with security services and not just the standard modem/router that comes from the internet provider. I will make the firewall admin password on the device a strong password.  If I already have a firewall in place, I will check the admin password and make sure that it is not set to the default admin password.
  8. I will use print to PDF instead of save to PDF in Microsoft Word to remove metadata from my PDF documents.
  9. I will use email encryption software when I need to send personal information within an email or attachment to my clients.
  10. I will attend, and provide my staff with, Safe Computing/Cyber Security Training annually.

 

As attorneys, you possess vital personal information for your clients and you have a duty to protect it with multiple layers of digital security.  You would protect their hard file with multiple locks and different keys; i.e., your client file is stored within a locked filing cabinet, within a locked office, within a locked building.  The electronic file should be protected the same way!

Happy Holidays and Happy New Year!  May you practice safe and secure computing in the new year!

Alicia A. Slade, MS, MBA, is the President of Plummer Slade, Inc., a computer networking and IT solutions firm located in downtown Pittsburgh, PA.  Ms. Slade has been providing technical consulting services to law offices for over 20 years.  Plummer Slade is exclusively endorsed for IT Solutions by the Allegheny County Bar Association (ACBA).