November 20, 2018 Technology

TAPAs: Five Ways to Make Your Data More Secure in Five Minutes or Less

By Jeffrey Allen and Ashley Hallene

Life moves fast, and it seems like hackers move even faster. Before you roll your eyes at the thought of another cybersecurity article, just wait. This article contains important information, not only on steps you should take, but how hackers are able to get your passwords and sensitive data. We have shared the steps they actually take in the hope that when you see how easy it is, you will take the necessary measures to protect yourself.

Tip 1: Encrypt your web-based e-mail with Mailvelope (www.mailvelope.com). You can encrypt every e-mail you send fairly easily, but encryption is especially important if you use that e-mail to communicate sensitive data. Mailvelope is a PGP encryption provider for webmail that works with Gmail, Yahoo, Outlook.com, and more. It is an extension, or “add-on,” to your browser that expands its functionality. It works with Firefox and Chrome web browsers.

Tip 2: Do the two-step. No, we are not talking about the Texas two-step, but rather the two-step verification process. If the website or application you are using offers it, then use it. Two-step authentication (sometimes referred to as two-factor authentication) is a security process in which the user provides two different authentication factors. The first is generally your username and password. The second is usually entering a code that is sent to your phone or e-mail when you request access and that must be entered within a certain time frame in order to gain access.

Bonus tip: It often happens that two-step verification will send you a code either via text, e-mail, or by phone call. In our experience, text and phone call have been significantly faster than e-mail and do not run the risk of being caught by a spam filter. Save yourself some time when logging in by choosing to receive your code via text or telephone.

Tip 3: Whenever you are on a shared computer, work in the “private” or “incognito” Internet window. Working in a private browser, or incognito window, allows you to browse the web, and access your accounts, without leaving a trail. It is important to realize that browsing in private mode will not prevent your Internet provider or your work from knowing what websites you are on, so don’t go anywhere inappropriate and expect to be protected. What it does is prevent the browser from recording where you are going, so you won’t find a trail in the “history” folder. Also, the browser will not store your username and password in this mode, so you do not need to remember to clear the history folder when you are finished. This is useful on public computers, if you are checking something in the business center of a hotel and such.

Tip 4. Avoid storing passwords and usernames in your web browser. It can be very tempting to keep your username and password stored in your web browser. Every time you log in, the browser pops up a window asking if you would like it to keep your username and password stored for faster log-in. Sure, you think to yourself. Time is money, and letting my browser fill in my username and password is rather convenient. However, if your computer is ever compromised and accessed remotely over the Internet, an unauthorized user will have immediate and complete access to your online accounts. Sometimes, there are unauthorized users roaming around your office. In this instance storing your passwords can lead to unauthorized access anytime you walk away from your computer. To see how easily hackers can access someone’s password when it is stored in their browser, check out this article from Credera, here.

If you are hesitant to turn off storing passwords because you are worried that you will forget and be unable to access your accounts, you can export all your currently stored passwords to an Excel spreadsheet, enter them into a password-storing app or web service, or keep it in a secure drive, so you only need to remember one password. If you are a Chrome browser user, you can export your username and passwords by going to Settings > Passwords, from here you will click the three stacked dots above your saved passwords list:

Saving passwords in Chrome

Saving passwords in Chrome

Clicking the three dots pulls up a menu option to Export Passwords. For security, your web browser will ask that you enter your computer access password before it will export the data. It will also warn you that anyone who can see the file will have access to your passwords, so make sure you keep the file in a secure location. Enter the passwords into a secure app or database, then destroy the file when you are done.

Bonus tip: If you are considering a password manager, check out Last Pass, Dashlane, or SecureSafe. All offer free versions that will store up to a certain number of passwords.

Tip 5: Trust, but verify. Hackers have engineered ways to e-mail you compromised files wearing a mask of a name in your contacts list. Attacks like this are commonly referred to as “social engineering.” This works particularly well when the hackers use the name of a firm partner, client, or senior colleague. Usually the e-mail contains a file, with little or no text explaining the nature of it. You may get a short message such as “check this out” or “review please.” Then, when you click the link to download the document, entering a username and password, the hacker has what he or she was after. You have either downloaded malicious software or backdoor access to your system, or they have your commonly used username and password to try and gain access to your accounts.

You can protect yourself by sending a quick e-mail to the sender, confirming he or she has sent you a file to review. It is okay to decline a request in order to keep your data, and your clients’ data, secure. This quick maneuver can save you a lot of headaches.

Next Article > > >

Entity:
Topic:

Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California, where he has practiced since 1973. He is active in the ABA (particularly in the GPSolo and Senior Lawyers Divisions), the California State Bar Association and the Alameda County Bar Association. A frequent speaker on technology topics, he is Editor-in-Chief of GPSolo magazine and GPSolo eReport. He serves as an editor and the technology columnist for Experience Magazine and has served on the Board of Editors of the ABA Journal. He also serves on the ABA’s Standing Committee on Information Technology. Recently, he coauthored (with Ashley Hallene) Technology Solutions for Today's Lawyer and iPad for Lawyers: The Tools You Need at Your Fingertips. In addition to being licensed as an attorney in California, he has been admitted as a Solicitor of the Supreme Court of England and Wales. He teaches at California State University of the East Bay. He may be reached at jallenlawtek@aol.com.

 

Ashley Hallene is a petroleum landman at Alta Mesa Holdings, LP, and practices Oil and Gas law, Title Examination, Due Diligence, Acquisitions and Oil and Gas Leasing in Houston, Texas. She maintains a diverse solo practice on the side. Ashley is the coauthor of the technology overview Making Technology Work for You (A Guide for Solo and Small Firm Attorneys) along with attorney Jeffrey Allen. She has published articles on legal technology in GPSolo Magazine, GPSolo eReport, and the TechnoLawyer Newsletter. Ashley is an active member of the American Bar Association’s General Practice Solo & Small Firm Division, ABA’s Young Lawyers Division, the Texas Young Lawyers Association, the Houston Young Lawyers Association, and the Houston Association of Petroleum Landmen. She frequently speaks in technology CLEs and is Deputy Editor-in-Chief of the Technology and Reviews Department of the GPSolo eReport. She may be reached at ahallene@hallenelaw.com.