Cybersecurity key tips
10 Sep 2019
The Law Society of South Africa has noticed an increase in cybercrime and has published some cybersecurity tips. These are oulined below.
1. Take out cyber theft insurance policy
2. Train staff – this is a continuous activity
3. Ensure payment security is effective – Verify banking details, use emails in conjunction with telephone verification, deposit small amount in clients or service providers/ 3rd parties account and verify receipt of deposit or transfer – multi authentication
4. Cyber breach – it’s not if but when – do you have a continuity plan, insurance, communication policy or mitigation (back up etc.) when it does occur?
5. It is the responsibility of all staff to ensure ICT resources are secure
What can you practically do?
• Avoid Phishing scams – beware of suspicious emails and phone calls – refer to this article dealing specifically with this threat – there are common sense approaches to avoid being a victim.
• Do not store sensitive data on your device and you must ensure the file is password protected. Refer to the LSSA guideline on information security.
• Ensure that the all staff change their passwords regularly and these should be strong passwords (minimum size and mix of characters) and that users are locked out if the maximum numbers of days for the password change has been exceeded. Passwords should not be repeated.
• Always ensure that all software up to date – install all updates for operating systems and programs- especially security updates (ensure auto updates are selected for all programs and browsers).
• Ensure you do not have click happy staff – do not open attachments from unknown parties, do not visit unknown websites, only download software from trusted sites. Malware (malicious software) is often hidden in attachments or in the body of the email requesting users to click on a section.
• Mobile devices (banking apps and easy access to log in to server and network) are a security risk and must be password protected and be physically kept secure.
• Do not leave your device unattended (computer, tablet, laptop, phone etc.) Physical security is a basic tenet for ICT security.
• Ensure a back-up facility is mandatory (software) or if in a small practice set rules and policies and monitor compliance.
• Antivirus protection for emails, laptops, and servers is a must and these must be regularly updated (ensure auto update is enabled).
• Do not allow any staff member to plug in personal devices into the network, without adequate ant-virus scanning of entire device (this includes smartphones).
• Memory sticks should not be allowed to be plugged into any office equipment, unless it is provided by the firm and has built in anti-virus and/or scanned by anti- virus software, prior to being accessed on a firm computer/device.
• Ensure security systems on your equipment is enabled – Firewalls.
NB: The above is applicable to ALL members of the firm, including the principal partner