Laws and ethics rules related to technology management continue to mount for lawyers; and, if it seems to you that there is a new security vulnerability that you need to cover for just about every other day, then that’s good, because it means you’re paying attention. Last time, we addressed the continuing importance of the law firm website. Given the foregoing, then, it probably makes sense to continue that discussion, in order to provide some basic pointers on securing your website. Yes, your website is something else you have to worry about locking down. While this can become a very technical conversation, if you start with some basic information security principles, and apply them to your website, it will represent a useful springboard for adding further security measures.
So, if you haven’t taken the first step in securing your law firm website, adopt these measures, like yesterday:
Use Strong Passwords. Just as you would do for your email, your website admin login should require a strong password, too. A strong password is the first step in any defense against hackers. Most passwords in use are embarrassingly easy to guess; so, putting in even a minimal amount of effort (replace a letter with a number, e.g., 1 for L) in designing a stronger password can increase your website security by big percentage points. Add a second factor of authentication to the mix (like a code texted to your phone: even if a hacker gets your password, it’s unlikely that he also has access to your phone), and you’ve further increased your website’s security. Taking these steps is particularly important for website owners, because the admin page for your website and username (if it’s your email) are very easy to guess if you don’t change them. WordPress, the most popular content management system (CMS) for building websites, can be configured for added security in a number of ways.
Update Security Software. Just as you would with your desktop or laptop PC (because everyone knows Macs don’t get viruses, right?), you should manage and update software and patches for your website. If you’re relying on your CMS to provide security for your website, run the software updates provided to you. There are also third-party vendors making available website security tools; but, the same message applies: applying the software is a good first step; updating the software is a necessary, continuing step.
Apply HTTPS. Just as you would encrypt sensitive information that you send via email, you should encrypt your website data. You ever wonder what the ‘s’ stands for in ‘https’? It’s ‘secure’. By selecting for https, you essentially add a layer of encryption to the traffic between your visitors’ browsers and the web server. The most popular CMS, WordPress, is https-ready. In terms of law firm marketing, note that Google has been using https as a ranking signal since 2014.
Move eCommerce Offsite. Just as you’re required by state law to take measures to secure sensitive data, including financial account numbers, you should contemplate how you keep your clients’ information safe in eCommerce. One of the reasons why websites are hacked is to get at financial data maintained by websites that offer online payment options. There are payment processing services, however — including LawPay — that can provide a link from your website, to a different payment site, so that you won’t have to maintain your clients’ financial information, including credit and debit card numbers, at your website. That also means you’re not a holder of that information under the terms of most state data protection laws.
Back Up Your Website. Just as you would back up your client files, you should endeavor to back up your website. A data backup is the ultimate security measure. At this point, it’s probably not a matter of if, but when you will be hacked; and, there is no guarantee that you will effectively fend off a determined hacker. But, even if you’ve taken all the right (read: reasonable) steps, and you still can’t prevent a breach, maintaining a backup of your website means that you can restore your site to its former glory, as soon as you have reestablished its security. There are a number of options to choose from in backing up your website.