Many firms have distributed their operations, with members accessing systems offsite on unsecured devices. This significantly increases the firm's risk exposure.
If a bad actor gets hold of a firm member’s login credentials - the golden keys to your kingdom - even with the best IT management, you won’t be able to stop them. This is why we strongly recommend that all firms implement two-factor authentication to protect against breaches from password theft.
“Two-factor authentication is an additional safety measure designed to ensure anyone who logs into your system is actually who they say they are.”
Risks for the Distributed Firm
Before we get into the how and why of two-factor authentication, we must first understand the very real risks to the Distributed Firm.
In 2020 the legal profession saw a significant rise in the number of cyberattacks against firms, ransomware being a common objective. Hackers gain access to a firm’s network and lock everyone out, blocking access to calendars, email and critical documents. They demand a hefty ransom, often in untraceable Bitcoin, and they may even threaten to destroy the data.
Hackers know that distributed firms are more vulnerable, making them a prime target. With your username and password they can log in as you from any location and access all your files.
Hackers use a variety of methods to steal your login credentials. Here are the three most common:
1. Key-logging Malware
They secretly install malware on remote computers through phishing emails or infected websites. Once the malware is installed, it captures the firm member's keystrokes: as soon as the member types in their username and password to log in to their virtual desktop, voila! The hacker can get in.
2. Phishing Emails
Phishing emails have been around for years, but they’re more sophisticated than ever and still prove to be effective. Often a phishing email will look exactly like a legitimate email from a bank, client or vendor, and will prompt a firm member to enter their username and password in order to download an important document. When the user enters their credentials, they’ve unwittingly disclosed them to the hacker.
3. Re-used Passwords
Many of your firm members may re-use their email addresses and passwords for other services, which can then be hacked. For example, a few years ago LinkedIn was compromised and a huge number of user emails and passwords were exposed. A hacker can easily trace those emails back and put them to use. People commonly re-use passwords because it's convenient, but it's risky and out of your firm's control.
Realistically, you can’t control human nature or cross the boundaries of what your employees do in their own homes on their own devices. Two-factor authentication acts as an additional safety measure, designed to ensure anyone who logs into your network is actually who they say they are.
LexCloud.ca uses a trusted access solution that authenticates virtual desktop logins from outside the office through a simple and convenient phone app.
This is how it works:
Firm members log in to their virtual desktop.
A window pops up, prompting them to tap an authentication button on their phone.
Once they tap, they're in.
LexCloud also offers remote security PC management for additional security on remote computers that are used for firm purposes. This cost-effective service allows us to “push” software updates and patches to remote PCs to improve performance and security.
If you’re a LexCloud.ca client, contact Kyle Clifford today to discuss two-factor authentication for your firm.