Password Protection

❑ Consider dual factor authentication

❑ Use complex passphrase with numbers, symbols and/or upper- and lower-case letters

❑ Never provide your password when requested by email or through a site. Contact the requester by phone and try to independently verify the legitimacy of the request

❑ Use a password generator and manager


❑ Do not use public Wi-Fi

❑ Utilize VPN (virtual private network) as appropriate

❑ Require a password in order to access a thumb drive

❑ Encrypt documents as appropriate

❑ Cover the camera on your laptop and tablet

❑ Use up-to-date redaction software where appropriate (e.g., PDF documents)

❑ Keep work and private personal digital information separate

❑ Always manually log off of networks, websites, and email platforms when you are finished

❑ Periodically clear out cookies

❑ Do not link sites together so as not to share private information

❑ Consider faxing confidential information

❑ Consider use a credit card RFID (Radio Frequency Identification) shield

Hardware, Software, and Operating Systems

❑ Keep software and operating systems up to date

❑ Implement patches as soon as available

❑ Install software to scan for viruses

❑ Install a tracker to locate lost devices

❑ Install a program/app that can remotely lock or wipe lost devices

Law Practice Management

❑ Purchase cyber security insurance that covers social engineering

❑ Always maintain backup files in a secure location

❑ Consider encrypting server and/or backup

❑ Review cyber security audits of third parties or vendors

❑ Ensure backup is not connected to your system so as not to compromise its integrity in the event of a hack

❑ Create an incident response plan to be followed in the event of a hack - what to do, who to call, what to change

❑ Consider disclosing cybersecurity protocols and concerns in retainer letter

❑ Do due diligence on third parties and vendors with whom you are working

This checklist was developed by students in the spring 2019 Technology and the Law course, a collaboration between the New York State Bar Association Committee on Technology  and the Legal Profession and City University of New York School of Law