Protecting Company Data From Cyber Criminals

COVID-19 has forced many businesses to have their employees work remotely. Most employers were not prepared for such dramatic changes to daily business operations and have adopted to the crisis situation on the fly.

Having employees work remotely has resulted in more vulnerable targets for cyber criminals. This is in part due to not having immediate access to colleagues to discuss online security threats. Many employees are also accessing company data on unsecured networks, and many may not be up to speed in employing best practices to protect company data and networks. This is not just something that happens in small businesses. Law firms, banks, and investment firms have been targeted with alarming success. This is indicative of businesses, small and large, not practicing safe online habits to protect company data.

One of the easiest ways for cybercriminals to infiltrate a company network and access data, hold it hostage, or even worse, facilitate the transfer of money out of the company, is by email. Many unsuspecting employees open an email, click a link, and by virtue of just those simple actions, allow the hacker to do what they want with the company’s data. A lot of the emails are cleverly disguised to fool even the most cautious.

Some general guidelines we adopt as a law firm to protect our firm and client information are:

1. Use a virtual private network when accessing firm network remotely.
2. Approach emails from unknown or unexpected sources cautiously.
3. Contact the sender of the email if there are any concerns about the email to confirm the sender did in fact send it. This applies particularly to internal emails with unusual instructions. Law firms and more recently, investment firms, have fallen victim to these internal email hacks, resulting in the transfer of trust funds to the hackers.
4. If the email invites you to click a link, you can move your cursor over the link without clicking it. A popup window, or an address at the bottom of the page should come up and show you where it would take you if clicked. If the address is unfamiliar or strange, then do not click it. Clicking these links could result in malicious software being downloaded onto your computer.

These guidelines are not just for law firms. They can be adopted to any business with company data on computers and networks. By maintaining good online security habits during this crisis and after, you and your employees minimize the potential for unwanted intrusion into your business.