Password Protection
❑ Consider dual factor authentication
❑ Use complex passphrase with numbers, symbols and/or upper- and lower-case letters
❑ Never provide your password when requested by email or through a site. Contact the requester by phone and try to independently verify the legitimacy of the request
❑ Use a password generator and manager
Privacy
❑ Do not use public Wi-Fi
❑ Utilize VPN (virtual private network) as appropriate
❑ Require a password in order to access a thumb drive
❑ Encrypt documents as appropriate
❑ Cover the camera on your laptop and tablet
❑ Use up-to-date redaction software where appropriate (e.g., PDF documents)
❑ Keep work and private personal digital information separate
❑ Always manually log off of networks, websites, and email platforms when you are finished
❑ Periodically clear out cookies
❑ Do not link sites together so as not to share private information
❑ Consider faxing confidential information
❑ Consider use a credit card RFID (Radio Frequency Identification) shield
Hardware, Software, and Operating Systems
❑ Keep software and operating systems up to date
❑ Implement patches as soon as available
❑ Install software to scan for viruses
❑ Install a tracker to locate lost devices
❑ Install a program/app that can remotely lock or wipe lost devices
Law Practice Management
❑ Purchase cyber security insurance that covers social engineering
❑ Always maintain backup files in a secure location
❑ Consider encrypting server and/or backup
❑ Review cyber security audits of third parties or vendors
❑ Ensure backup is not connected to your system so as not to compromise its integrity in the event of a hack
❑ Create an incident response plan to be followed in the event of a hack - what to do, who to call, what to change
❑ Consider disclosing cybersecurity protocols and concerns in retainer letter
❑ Do due diligence on third parties and vendors with whom you are working
This checklist was developed by students in the spring 2019 Technology and the Law course, a collaboration between the New York State Bar Association Committee on Technology and the Legal Profession and City University of New York School of Law.
