No matter your politics, most of us aren’t thinking of President Biden when it comes to technology advice. Yet it was the Biden White House offering excellent advice on protecting yourself online. This isn’t fancy geek language; it is the same cybersecurity advice I have given in dozens of programs, not only to lawyers and law firms but also to community groups and others. And in a world where every day brings news of hacks, ransomware, phishing attacks and other cyberdangers, it is terrific to discover the White House offering practical cybersecurity advice – advice every business and every law firm and every lawyer should follow. The advice appears in the White House’s March 21, 2022 Fact Sheet.
Here is the advice verbatim:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
While this advice is straightforward, here are my even plainer-language recommendations, the same ones we provide to our clients seeking ethical and techno-ethical guidance:
- Use multi-factor authentication everywhere you can;
- Make sure you have up-to-date antivirus and anti-malware protection (there are lots of great products) – don’t use Kaspersky products;
- Check with your IT department to make sure your systems regularly install updates – for small offices, require staff to check for updates weekly on Wednesdays;
- Back up your data and ensure you have offline backups – backup products are available for everyone no matter your budget;
- Have an emergency plan;
- Encrypt your data so it cannot be used if it is stolen – this means using strong passwords, and you don’t need expensive products if you use strong passwords;
- Educate employees about phishing and spear phishing and require them to report if they see anything unusual on their computers and phones.
If you don’t know where or how to begin, contact your IT professional for training and more, or contact us at the Law Offices of Daniel J. Siegel, LLC, the pioneers in providing techno-ethical guidance.