Data is your firm’s most valuable asset. You may assume that your network is protected. Or maybe you think that you have nothing to worry about because your firm doesn’t have the kind of information that a hacker would be interested in. After all, you’re not a big box store, and who wants boring contracts, pleadings and time sheets anyway? Well, think again.
“Law firms are very attractive targets,” said Harvey Rishikof, co-chair of the American Bar Associations cybersecurity legal task force. “They have information from clients on deal negotiations which adversaries have a keen interest in. They’re a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities.” And, according to the 2015 Verizon Data Breach report, “five malware events occur every second.”
One of the most vital parts of your network security is a firewall, including active intrusion prevention systems (IPS). This is generally your first line of defense against the myriad threats that can be found while online, and is instrumental to comprehensive network security.
Here’s how a firewall works, and what it does to keep your systems safe.
What It Does Your network’s firewall essentially acts like a bouncer. It makes sure potential threats don’t make their way into your network, and prevents them from leaving so they can be taken care of appropriately. The firewall scans the data that flows in and out of a network for these threats, and either allows it access or it doesn’t. Some of the higher-end firewalls are capable of investigating network traffic, validating connections and data packages, checking for legitimate application data, and even closely examining specific signals going to and from your network.
What It Doesn’t Do The strength of your firewall, often determines its ability to keep threats out. But, generally, you can’t expect your firewall to protect you from more advanced threats like viruses, spyware, adware, and phishing scams that have their roots in social engineering tactics. These advanced threats are designed to take advantage of human naivety in order to trick users into opening suspicious files or entering sensitive information into forms on corrupted sites.
Your Firewall is No Good Without Active Intrusion Prevention Service Many PCs and workstations come equipped with built-in firewalls. These are helpful, but they have limited functionality and are not intended to protect your business network. You shouldn’t trust the security of your network to the likes of them. Most consumer-grade and low-end business hardware, like the wireless router, also has a built-in firewall, but for the average law firm, this won’t be enough to put a stop to the threats that want to bring your company down. It’s critical that your network is protected with business-grade hardware with current software subscriptions to continuously monitor network traffic and take immediate action. I frequently discover during assessments that firms have purchased the appropriate hardware, but have failed to keep up-to-date subscriptions, which creates a significant security risk.
Consider an independent assessment and cybersecurity training for your firm to keep malware out of your network.