Lawyers must strike a careful balance between maintaining easy access to digital files and safeguarding the firm’s confidential data. Hackers are becoming more and more sophisticated, which means it’s more important than ever to use secure passwords for all your files and devices.
To stay safe, your firm’s password security must evolve to keep pace with advancing risks. Make sure you understand why passwords are important, how hackers can crack them and how to choose the right password security to protect your practice.
Why Secure Passwords Are Important
All professionals must take steps to safeguard their data and devices from unauthorized access, but lawyers and law firms must also consider their ethical requirements to safeguard the data of clients and their case materials.
Passwords may be used to protect different types of confidential data, including emails, text messages, case files, client documents, billing information, financial records and other sensitive data. Lawyers should be cognizant of several important ethical implications related to password security.
ABA Model Rule 1.15 is the basis of an attorney’s duty to safeguard clients’ property entrusted to counsel, while Model Rule 1.6 states that a lawyer “shall not reveal information relating to the representation of a client without the client’s informed consent.”
State ethics opinions also consistently note that lawyers have an obligation to exercise “reasonable care to protect the security and confidentiality of client documents and information.” Lawyers must also become knowledgeable[1] about relevant technologies and take reasonable care to stay on top of technological advances.[2]
How Hackers Can Crack Your Password
Staying on top of password security can be challenging, as computer systems become more advanced, hackers become more sophisticated and data becomes more vulnerable. You may have noticed that popular websites and applications prompt you to update your password more frequently and require users to choose stronger and better passwords. This is because hackers may be able to guess weak passwords and use technology to hack even moderately secure passwords.
With new technology, some hackers are able to crack simple passwords of up to 10 characters instantly. Even properly chosen passwords that include numbers, symbols, and uppercase and lowercase letters can be cracked in just a few minutes to hours if they are shorter than eight characters.
Many computer users still choose passwords that are easy to guess, and there are now billions of compromised and stolen passwords listed online. Using similar passwords for different websites can allow a hacker to access multiple accounts. Plus, a hacker who finds one of your passwords may be able to guess others.
How to Pick a Good Password
Choosing a good password for all your firm logins can protect you from getting hacked and minimize the risks to client data. The following points can help ensure your password is safe:
- Create a secure password. Use uppercase and lowercase letters and numbers, and make it at least 8 characters long. Don’t use nicknames, birthdays or words in the dictionary.
- Avoid reusing old passwords. Passwords that are compromised can represent a permanent vulnerability. Facebook CEO Mark Zuckerberg once faced a hack due to a reused password.
- Use a unique password for everything. Prevent small hacks from turning into major ones. Differentiate your passwords to keep hackers from being able to access more than one of your logins.
- Keep track of all your passwords. Lawyers may have to juggle dozens of passwords. Keep track by writing them down on paper stored in a secure location, or consider a password manager.
- Try a password manager. Browser and cloud-based password managers use a master password to secure all your logins. Carefully review the vendor’s terms of service for legal compliance.
- Check for compromised passwords. Google Password Checkup and Mozilla Firefox Monitor can alert you if one of your logins has been compromised or exposed so you can change it.
- Choose secure reset options. With so many passwords to keep track of, it is important to choose good security questions and set up a backup email or phone number to keep you from losing access to your data.
- Set up two-factor authentication. Two-factor authentication can send a confirmation text, call or other in-app security verification request to confirm your identity before allowing a logon from an unfamiliar device.
- Keep your passwords confidential. Never share your password with others, even within your firm. Ensure everyone has their own access and login credentials.
Make sure your firm’s password security keeps pace with the evolving risks. Protect yourself from hacks and safeguard client confidentiality with more secure passwords.
Find more risk management tips to protect yourself and your firm here, or contact Lockton Affinity at (844) 863-5948.
Information provided by Lockton Affinity is not intended as legal advice.
Notes:
[1] California State Bar Standing Committee on Professional Responsibility and Conduct, Formal Opinion 2010-179; Florida Bar Standing Committee on Professional Ethics, Opinion 06-01 (April 10, 2006); Illinois State Bar Association Ethics Opinion 10-01 (July 2009); The Maine Board of Overseers of the Bar Professional Ethics Commission, Opinion 194 (June 30, 2008); Massachusetts Bar Association Ethics Opinion 05-04 (March 2005); The State Bar of Nevada Standing Committee on Ethics and Professional Responsibility, Formal Opinion No. 33 (Feb. 9, 2006); The New Jersey State Bar Association Advisory Committee on Professional Ethics Opinion 701 (April 2006); State Bar Association of North Dakota Ethics Committee Opinion 99-03 (June 21, 1999); Vermont Bar Association Advisory Ethics Opinion 2003-03; Virginia State Bar Ethics Counsel Legal Ethics Opinion 1818 (September 30, 2005).
[2] See Alabama Office of General Counsel Disciplinary Commission, Ethics Opinion 2010-02; State Bar of Arizona Ethics Opinion 09-04 (December 2009); New York State Bar’s Committee on Professional Ethics issued Opinion 842 (Sept. 10, 2010); North Carolina State Bar Ethics Committee Formal Opinion 6 (currently under further review); Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility Formal Opinion 2011-200.