As a developer at WillSuite, a will writing software platform mixing both technology and legal services, I'm no stranger to seeing people confused by the techy or legal terms thrown around like cocktail sausages at a child's birthday party. I also see many firms struggle to grasp the concepts, or the importance of staying informed about how to address the latest risks to the security of their software and data. I've compiled a brief summary in plain English (in true WillSuite fashion) with 5 quick tips you can use to reduce the risks of data theft and scams within your business.
Firstly, you should NEVER log in or provide personal information on a website which does not display the green https symbol. Have you ever noticed that many websites have a green icon and the text https rather than http? That's your internet browser telling you that information shared with that website is sent in a secure manner (which is what the S stands for in https). Websites without this layer of security are susceptible to eavesdropping (and data theft/manipulation).
We all know updates can be frustrating (*cough* Microsoft *cough*), but updates will often contain the latest security patches and fixes to address vulnerabilities in software. It is important that you keep any internet-enabled devices updated and running on the latest software versions, and manually check for software updates at least once a month, to address any security issues which may be in the public domain and can be exploited by malicious bots trawling the internet.
This is one which even tech-savvy people often struggle with. How are we expected to have, and remember, a different password for each service we use? The truth is that, in fact, we don't. There are many services available, such as LastPass (https://www.lastpass.com/) or Dashlane (https://www.dashlane.com), which allow you to generate secure passwords which can be remembered and used to automatically log you in to websites. Why? If one of the many services you use becomes compromised (and it happens every day by bots trawling the internet looking to harvest data), and they are not securely hashing your details, an attacker then has your email address and common passwords to access any other service (or email account) you may use.
As a will writer, the data you possess about your clientele is likely to be classed as sensitive personal data according to the Data Protection Act, and as a data controller/processor it is your job to ensure that this is stored in a specific way and does not fall into the wrong hands. Do you use CRM systems? Great! Are you able to ensure that data is not only stored securely with stringent access policies, but also will not leave the EU? This may sound simple to answer if your CRM provider is based locally; however, data storage is often outsourced to third-party companies whose servers could be based anywhere in the world, with few policies in place to restrict access.
Possibly as old as the internet itself. Phishing (pronounced fishing) attacks are an attempt to obtain sensitive data (passwords, emails etc.) for malicious reasons by posing as a trustworthy source in electronic communication. Many tech-savvy Gmail users recently fell victim to an ingenious scam involving an inconspicuous attachment coming from the account of a compromised contact which, upon clicking, asks you to log in again and then simply redirects you back. Unbeknownst to the recipient of the email, their personal email data has been stolen and their account is then used to target all of their contacts with the same scam.
If you have any questions or comments, feel free to reply below or to contact me directly at firstname.lastname@example.org