Back to Basics: Email Security Best Practices for Law Firms
Data safety is an important concept for law firms, and for good reason. Most jurisdictions have rules for lawyers that explain the bare minimum of what they are required to do to protect client data. Then, throw in legal technology options, cloud drives, document sharing, social media use, servers, the ability to accept online payments…data safety entails a lot of considerations. While those are certainly important, it seems that the conversation has dropped away from technology we use every day: email. Email security is an important concept because it is still used to gain information (including login credentials) for critical systems. If you and your law firm employees don’t know and use email security best practices, your data remains at risk regardless of the other data protection safeguards implemented.
Remember You’re Dealing with Sensitive Information
While we’d all love to believe that the disclaimer placed at the bottom of law firm emails that state the email is intended for a specific recipient and should be destroyed if it is received by a non-authorized party is something that we all follow. Mistakes happen when we’re adding email recipients. We don’t always double check. We also don’t always double check that we’re adding the appropriate document. That’s why our first email security best practices tip is to always remember you are dealing with sensitive information.
Ensure that you’re sending the right document to the right recipient. You may even consider encrypting your email in certain situations. Gmail and Outlook (the two most common email programs) both make email encryption simple.
Use a Secure Password Generator
We know this won’t be the most popular email safety best practices tip we give, but it is an important one. A secure password generator creates a random, secure password that you can use for your email (or any other website). Using the same password for every login is a dangerous practice. If someone can guess your password or gains access to it somehow, you could face a lot of problems.
We know that the main concern with using a randomly generated secure password is whether you’ll be able to remember it. Using a program such as LastPass allows you to set one master password and then generate secure passwords that LastPass will remember for you. However, programs like LastPass aren’t without their flaws. If you can’t remember your master password, you can try to reset it, but if your data becomes corrupted, you will likely lose all of your password. (I learned from personal experience several years back. Despite contacting LastPass, my account could never be recovered because, according to them, all of the data was corrupted.)
Don’t Play “Getting to Know You” Facebook Games
This may not seem like an email security best practices tip, but it is. They look harmless: first pet, first car, first job, favorite teacher, elementary school. All of those inquiries (and several others made in those “games”) are potential password reset questions. Do not play those games. The answers could be used to reset your email password or even the password to your online bank account.
If you participated in a similar “getting to know you” post on social media, go change your security questions and answers as well as your passwords. And promise us that you’ll never respond to those things again!
Use Two Factor Authorization
Gmail, other email programs, and many other technologies allow you to use two factor authorization. It is an added layer of security for your data. Even if your password is compromised, there is extra security. Examples of two factor authorization include the program sending a text message to your cell phone with a code to enter to finish logging in, a PIN number only you know, or even unlocking your cell phone to finish logging into your email (thanks, Android!). Two factor authorization is one of the more recent email safety best practices that you can use. It’s simple to set up!
Learn How to Find and Understand Email Headers
Phishing still happens. For those that don’t know, phishing is when you receive an official looking email that wants you to “log in and verify your account.” In addition to email, this also happens over the phone. Do not ever provide your account number to anyone calling and stating they are with a certain organization. If they were really with them, they would see the number (or at least the last four) on their screen. They also wouldn’t ask you for your password.
When you open the email (if you open it), you’ll see a little arrow near the “From” email. You can click that and it will give you more information about the email. From here, it’s generally fairly simple to figure out if you’re receiving a legitimate email. And when in doubt, call the company listed in the email and ask if they emailed you for any reason. Don’t call any phone number in the email. Call the official number for the company.
Report phishing emails to your ISP, block the sender, and make sure your entire law firm knows and understands how to spot these dangerous emails.
Use Antivirus Software That Scans Emails and Attachments
Our final email safety best practices tip is to make sure that your law firm uses an antivirus software that scans emails and attachments for dangers. Your IT department or the company with whom you partner for IT services should be able to make an appropriate recommendation for your law firm.
Email Safety Best Practices Are the Backbone of Data Safety
In an ever changing world full of technology, data safety will remain a priority. Regardless of how technology changes, email security best practices will always be needed.