Most states require attorneys to be technologically competent in order to practice law. And one of the most important competencies — if not the most important — is keeping your information secure.
The most common reasons for security breaches are human error or through secret, accidental installation of viruses and malware.
There is a lot of advice on keeping your computer safe, the most frequently offered piece being: have strong passwords. Today’s column will focus on a few simple and low-cost security tips to minimize the chances of accidental breaches and giving sensitive information to the wrong people.
Make sure you have the correct email addresses. Giving a client or a third party the wrong email address can usually be embarrassing but when communicating vital information and documents, it can be disastrous.
I rarely give email addresses over the phone because people can type it incorrectly. For example, when I say my first name, people might think Steve, Steven, or Stephen. And when I say my last name, a lot of people type words like Chong, Cheung, Chuang, and Jung.
If possible, have people send the email address in writing. People usually do this through text messaging.
If you can’t get an email address in writing, there is one more thing you can do. When sending the first email, verify it by asking a security question that only the two of you know. Usually it’s the name of a common connection.
Don’t share files via email. Sending files via email is convenient and what we are used to. Some email hosts have virus detection software that detects malicious code before you open them. But sending files via email should be minimized or avoided altogether if possible.
Sharing files takes up email storage space. Particularly if you have to send the same files multiple times because the person on the other end couldn’t open it the first time. Eventually, you will get a warning that you will not get any more email because your storage space limit has been reached, and you will spend considerable time deleting everything.
Also, if your email address is hacked, the hacker can get access to your sent files and use them for whatever nefarious purpose.
If you do share files, delete them immediately to eliminate the above problems. I understand that some people prefer to keep old emails, usually to verify that they sent them in case a client or a third party claims that they didn’t receive them. If this is an issue, you may want to request that the client respond to confirm receipt.
Instead, share files via the cloud. There are cloud storage programs where two or more people can upload and share documents. Most are relatively inexpensive, and some are even free.
Ignore suspicious emails. While this is common sense, and lawyers are generally pretty good at detecting scams, sometimes even the best of us can be fooled. Usually suspicious emails come in two forms.
The first is when a potential client reaches out asking for your services. To get your attention, these people claim that the potential payout is worth six — or more — figures.
In most cases, these spammers are easy to detect. First, they usually mass mail everyone so they do not address you by your name. Instead, the email starts with “Dear Sir or Madam.” Second, the email is usually not addressed to you, but instead to “undisclosed recipients” which means that you are one of a million email address that are BCC’d in that email. Finally, most of these emails have poor grammar which suggests that the scammers are located overseas.
A second suspicious email supposedly comes from someone we know. But there isn’t much in the email except a link to an unknown website. The scammer giveaway here is that even though the sender’s name may be someone you know, the sender’s email address is totally different and usually strange.
So always be skeptical of emails from people you don’t know. If it’s too good to be true, it usually is.
Don’t share your computer with anyone. While most people are pretty good about this, there are some occasions where you may need to share your computer with someone else. In most cases, it is a child who wants to play a video game online. Or it might be a teenager whose computer broke down and needs to finish her term paper on the mating habits of the deep-sea anglerfish (look it up) in 12 hours.
Just don’t do it. When you get your computer back, does it behave differently? If it does, then chances are good that something happened. Sometimes they will tell you that they accidentally downloaded some malware. But we know what happens most of the time — they won’t tell us or they will deny they did anything wrong.
Don’t work in a public area. Back when coffee shops were open, some of us would work there, sipping an espresso while listening to the background jazz music. The big draw was the coffee shop’s public wifi so you can check email and whatnot.
Using public wifi can expose your computer to hackers. A few years ago, I attended the ABA Techshow, and one of the presentations demonstrated how someone can access a computer using public wifi.
If you are working high-profile cases, there is a chance you can be followed physically. Someone can take detailed photos from a distance. Others may try to steal your computer. I get that the chance of this is fairly low, but in our line of work we may run into people who will have a strong incentive to do whatever it takes to make our lives miserable.
One day, coffee shops will reopen, and we’ll be allowed to lounge indoors again. But the security threat is real and not worth a grande mocha. The only things coffee shops are useful for are first dates and studying for the bar exam.
Don’t go to strange websites. Unfortunately, there are some websites that are specifically designed to install malicious software into unsuspecting computers. Most web browsers know about these and stops users from accidentally accessing them. But this is not foolproof.
It’s difficult to tell which websites contain malicious code. In most cases, they are the usual suspects. Also, a lot of the sites tend to slow your computer down as soon as you access them. And they have annoying pop-up screens. Some even try to trick your computer into installing software to supposedly optimize your browsing experience.
Purchase virus protection software. Even if you follow all of the tips here and from other sources, hackers can secretly compromise your computer. To minimize this, purchase antivirus software programs. Generally, they are inexpensive and worth the cost. Some antivirus programs are free. From my experience, however, they tend to slow the computer down, and you get constant nag screens telling you to upgrade to the paid version.
You do not necessarily need expensive, high-end internet security services to protect yourself and your clients. As your notoriety increases, you might need to step up your security game, but by applying some common sense, using email wisely, and not downloading suspicious software, you can keep your computer safe from most hackers and scams.
Steven Chung is a tax attorney in Los Angeles, California. He helps people with basic tax planning and resolve tax disputes. He is also sympathetic to people with large student loans. He can be reached via email at sachimalbe@excite.com. Or you can connect with him on Twitter (@stevenchung) and connect with him on LinkedIn.