In a time when cybercriminals are continually developing new tactics to compromise personal and business data, it’s more important than ever to find ways to improve network security in your firm.
We’ve all heard of or read about data security breaches at some of the world’s largest organizations, including the paralyzing cyberattack on DLA Piper last year. DLA Piper is one of the largest legal firms in the world with more than 3,500 lawyers and offices in over 40 countries. Unfortunately, it’s also well known for the Petya malware attack it suffered last year. The attack began at DLA Piper offices in Madrid and caused a pre-emptive shutdown of the firm’s U.S. IT operations. The firm suffered weeks of disruption and millions of dollars in recovery costs and lost business. It also didn’t look good. DLA Piper had previously touted its cybersecurity expertise and even blogged about it ahead of the Petya attack.
The DLA Piper incident serves as both a warning and an opportunity for other firms, like yours, to take stock of and improve your own network security today.
Ways to Improve Network Security
Network security is important. Securing your network will help protect the integrity of your firm’s data and better ensure that your systems are not breached. The good news is that there are clear ways to improve your network security and reduce the risk of attacks against your firm. Here, we present four strategies you can institute today to keep your business up and running. Protections range from creating better passwords to partnering with vendors on network monitoring services.
1. Improve your password security.
It may sound simple or obvious, but better passwords really can help protect your business. The fact is, people are still using bad passwords. Research from a password management security company suggests that nearly 10 percent of people have used have used one of 25 of the "worst passwords" which include "123456", "password", and "starwars". Yes, starwars.
Generally, best password practice is to use fairly complex passwords and to occasionally change them. Educate your staff on what types of passwords to avoid and why, such as the above examples or others like “welcome”, “login”, or “password1”. Send regular communications and tips to your firm about these strategies, or include it as a topic at quarterly all-staff meetings.
Some additional tips for strong passwords include:
- Make it at least eight characters and use a combination of uppercase and lowercase letters, special characters, and numbers. A general rule of thumb is the longer the stronger. If you can create a password that is 12 to 15 characters, even better.
- Don’t use a password that appears in a dictionary.
- Avoid using your home phone number, address, name, social security number, or any other identifying or potentially public information.
- Don’t reuse passwords on multiple accounts. If your password becomes known, bad actors can access multiple accounts.
- Use a password manager to help you create strong and unique passwords. A Wired article suggests 1Password or LastPass.
- Don’t allow your browser to remember your password. While it’s convenient, it’s also not the safest practice.
- Don’t give out your password to others, either in person or online. Phishing emails, for example, will often attempt to glean this information from you; many are sophisticated enough to look real.
2. Add a critical layer of protection.
Another way to improve your network security is to partner with an expert. There are many qualified firms that can help you monitor and protect your critical business systems – this might be an especially good option if your firm lacks the dedicated IT resources needed for network security. Look for a reputable vendor that can provide a customized level of network monitoring and support.
At N8 Solutions, for example, we keep tabs on network activity and provide around-the-clock peace of mind to firms of all sizes and needs. Our approach is to work to fix problems before you even realize there’s an issue.
When researching potential vendors, look for a match that provides a full range of services, which may include:
- Monitoring, alerting, and ticketing
- Client access portals and 24/7 remote access – many services let you monitor systems and tickets in real-time, from anywhere.
- Immediate remediation and recovery
- Anti-virus scans and driver updates for servers
- Patch management
- Training for you, your IT department, and entire staff
A common phrase in our field is that your security is only as strong as your staff; people can often be the weakest link in an otherwise robust cybersecurity plan. Seek a partner that focuses on people, processes, and technology – the three “pillars of cybersecurity”.
Often, there is a misconception that network security is only about the technology, but if you don’t have smart processes in place, and if your staff doesn’t follow them, then technology can only do so much! That’s why we take a people-first, technology-second approach at N8 Solutions. We take the time to truly understand your people and your business to best protect your information and make your working life easier, so that you can focus on what matters – serving your clients and growing your firm!
3. Establish a backup plan to avoid data loss.
A data backup plan will help you preserve critical data so that you can keep your business up and running during and following an attack. After all, no matter how much monitoring and protections you put in place in advance, the fact remains that cybercriminals are finding new ways to breach systems, every day. Smart firms will plan not only to thwart attacks, but also to recover from them if or when they happen.
While a data backup plan should already be a component of your network security strategy, depending on the size and nature of your professional services firm, you may lack the internal resources and expertise to put one together. Consider partnering with a qualified vendor to create a customized backup plan that will help you get up and running as quickly as possible in the event your data is deleted or compromised. Customization is key, as you need a plan that suits your firm’s unique requirements or regulations for uptime and recoverability.
When seeking a vendor for recovery solutions, look for one that can ensure that your critical information is secure, backed-up, and most importantly, accessible, even during a network failure or disaster.
Most vendors, including N8 Solutions, offer a range of services to protect your data, or what we call, the backbone of your business. This includes:
- Incremental backups
- Centralized management of protected systems
- Cloud-based solutions for instant recovery
4. Educate your front line.
Lastly, we return to people, the key pillar of a good cybersecurity strategy. Chances are, the majority of your non-IT staff feels like network security has nothing to do with them, which is a misconception. Ultimately, everyone at your legal or professional services firm is responsible to some extent for keeping data secure. And the best way to encourage the right level of involvement and smart practices is through education.
Everyone at your firm should be aware of their roles and responsibilities when it comes to network security, not only in terms of how they use technology and devices to perform their duties but also how they can adjust behaviors to help reduce the risks of intrusion. Inform your staff on the general risks and effects of data security breaches. Provide clear and helpful content on topics like the most common signs of phishing or how to improve and protect passwords.
We recommend setting up regular training for your staff – old and new – on the role they can play to protect your firm’s data. This can occur in-person or online, depending on your preferences. If you’re working with a vendor on network security monitoring or data backup, look for a firm that specializes in high-quality, customized, and effective training and education to meet the unique needs of your firm.
We hope this post helps shed some light on the importance of network security for your firm. The incident at DLA Piper demonstrates that even large firms with robust IT resources can be infiltrated. But taking measures to improve your network security, from establishing a backup plan to educating your staff, will not only reduce the risk of a breach but also help you recover more quickly in the event an attack occurs.
Remember that in some cases, you may want to connect with an external vendor for boosted security. A qualified partner can help you initiate network security measures, or review and improve upon those you currently have in place. Investing in your firm’s network security has become a critical business practice; doing so will help ensure business continuity, establish your firm as a leader, and retain the trust of your clients.