Working Remotely? Two-Factor Authentication is a Must

Many firms have distributed their operations, with members accessing systems offsite on unsecured devices. This significantly increases the firm's risk exposure.

If a bad actor gets a hold of a firm member’s login credentials - the golden keys to your kingdom - even with the best IT management you won’t be able to stop them. This is why we strongly recommend that all firms implement two-factor authentication to protect against breaches from password theft.

“Two-factor authentication is an additional safety measure designed to ensure anyone who logs into your system is actually who they say they are.”

 

Risks for the Distributed Firm

Before we get into the how and why of two-factor authentication, we must first understand the very real risks to the Distributed Firm.

In 2020 the legal profession saw a significant rise in the number of cyberattacks against firms, ransomware being a common objective. Hackers gain access to a firm’s network and lock everyone out, blocking access to calendars, email and critical documents. They demand a hefty ransom, often in untraceable Bitcoin, and they may even threaten to destroy the data.

Hackers know that distributed firms are more vulnerable, making them a prime target. With your username and password they can log in as you from any location and access all your files.

Hackers use a variety of methods to steal your login credentials, here are the three most common:

1. Key-logging Malware

They secretly install malware on remote computers though phishing emails or infected websites. Once the malware is installed, it captures the firm member's keystrokes: once the member types in their username and password to log in to their virtual desktop, voila! the hacker can get in.

2. Phishing Emails

Phishing emails have been around for years, but they’re more sophisticated than ever and still prove to be effective. Often a phishing email will look exactly like a legitimate email from a bank, client or vendor, and will prompt a firm member to enter their username and password in order to download an important document. When the user enters their credentials, they’ve unwittingly disclosed them to the hacker.

3. Re-used Passwords

Many of your firm members may re-use their email addresses and passwords for other services, which can then be hacked. For example, a few years ago LinkedIn was compromised and a huge number of user emails and passwords were exposed. A hacker can easily trace those emails back and put them to use. People commonly re-use passwords because it's convenient, but it's risky and out of your firm's control.



PhishingHow to Spot a Phishing Email
Common red flags
 
Read More

 

 

 

 

 

 

Two-Factor Authentication

Realistically, you can’t control human nature or cross the boundaries of what your employees do in their own homes on their own devices. Two-factor authentication acts as an additional safety measure, designed to ensure anyone who logs into your network is actually who they say they are.

LexCloud.ca uses a trusted access solution that uses a simple and convenient phone app to authenticate virtual desktop logins from outside the office.

This is how it works:

  1. Firm members log in to their virtual desktop.

  2. A window pops up, prompting them to tap an authentication button on their phone.

  3. Once they tap, they're in.

LexCloud also offers remote security PC management for additional security on remote computers that are used for firm purposes. This cost effective service allows us to “push” software updates and patches to remote PCs to improve performance and security.

If you’re a LexCloud.ca client, contact Kyle Clifford today to discuss two-factor authentication for your firm.

If you’re not a client but wish to learn more about secure IT solutions for your distributed firm, check out our Private Cloud page or contact us for a free consultation today!



Best-Practices-squareSecurity Best Practices for Law Firm Members

Read more

 


Subscribe to Our Blog!

Private Cloud for Law Firms 10 Questions
New call-to-action