Beginners Guide to Cybersecurity

Most exchanges of information today are digital. Especially during the COVID-19 pandemic, reasonable cybersecurity measures are vital to safeguard digital information from unauthorized access.

It has long been held in technological circles that there are two kinds of businesses: (1) the enterprises that have been hacked, and (2) the enterprises that will be hacked. But it's just such a part of life nowadays and that is the mindset that you should have. For example, on May 22, 2017 the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477R, touching upon the ever-increasing cybersecurity threats to law firms. The Formal Opinion goes to the extent of clarifying that it’s a lawyer’s ethical obligation to protect confidential client information when transmitting information over the internet.

Below is a list of 10 general cybersecurity “best practices”. Regardless of the industry, you can implement these cybersecurity measures, especially when working remotely.

1. Make sure your computer requires you to enter a login password at start-up. In addition, auto-login should be disabled.
2. Enable your screensaver with a short “wait time” (2-5 minutes). Furthermore, check the option for “Require password after sleep or screen saver begins”.
3. Use strong and complex passwords. Don't use 1234 as your password or the name of your dog. Common dictionary words, past passwords, and context-specific words (such as derivatives of the service being used) should be avoided.
4. Use a password manager (such as LastPass or 1Password) with a strong “master password”. Password managers will help you keep a repository of all your passwords.
5. Use multi-factor authentication to secure password storage and controls. The multi-factor authentication allows a user to safeguard a digital account by requiring that the user provide additional proof of identity beyond a password. For example, you will have to provide an access code sent in an SMS or email.
6. Encrypt files stored on your hard drive by enabling FileVault (Mac) or Bitlocker (PC).
7. Information should generally be protected during transmission using industry-standard encryption technology, which prevents communications from being intercepted and read as they travel from end-to-end.
8. Consider using secure cloud-based storage (e.g. FileCloud, TextMap, Dropbox, pCloud, Resilio, Xbundle) instead of local storage. If information is stored in the cloud, depending on the nature of the information, it may sometimes be appropriate to encrypt the information before it is uploaded to keep control of the encryption key out of the hands of the cloud provider.
9. Be mindful of public internet use in hotels, airports, coffee shops, and elsewhere and considering protective measures such as personal cellular hotspots or virtual private networks (VPNs). Public Wi-Fi may provide hackers with access to unsecured devices on the same network, allowing them to intercept passwords, credentials, or to distribute malware.
10. Download programs and digital content only from legitimate sources and don’t open attachments from unknown email senders.

You should always make reasonable on-going efforts to be educated about evolving cybersecurity risks and best practices. For example, over the past few months, the use of Zoom video conferencing software has exploded. With the spread of COVID-19, many organizations have to work from home. Online conferencing tools are being used to host everything from remote meetings to yoga classes. At A2J we are aware that Zoom has been a commercial platform used to hold remote meetings. Thus, below are some cybersecurity considerations for Zoom.

1. Use a unique, automatically generated meeting ID, not your personal meeting ID.
2. As an additional layer of security, the meeting should be password-protected with a unique password.
3. The password should be shared with the participants via a medium other than via the Zoom invitation email.
4. Use the “generate automatically” option to randomly create a new meeting code per meeting to keep someone who has a link from a prior meeting from joining.
5. Participants should be instructed to not forward or share the hearing invitation.
6. Additional participants should be invited directly by the meeting host.
7. As an additional layer of protection, use the Waiting Room feature to prevent strangers from “Zoombombing” your meeting.
8. Require Encryption for 3rd Party Endpoints (H323/SIP). This means that Zoom Meetings, when a participant is using a different room-based solution, will require an encrypted connection.

Final Thoughts

The term cybersecurity has come into existence to encompass the broad range of issues relating to protecting privacy from intrusion. Cybersecurity comes down to the implementation of reasonable measures to protect digitally stored information from intrusion.

Even if you don’t use Zoom, many of these guidelines apply to other video conferencing applications and other digital tools. A2J believes that you should use technology while preventing data theft, privacy loss, and online harassment. We hope these tips are helpful to prevent data breaches. Stay safe out there!