When it comes to securing your law firm’s data, you’re on top of it. You’ve password-protected all of your devices with strong passwords, encrypted all of your data, and have strong firm policies in place. (If you haven’t taken these steps yet, do so now.)
But if you’re still using email two-factor authentication to protect your accounts, your firm isn’t as secure as it could be. New levels of account protection, such as Google two-factor authentication, are increasingly becoming the security standard necessary to truly alleviate the risk of security breaches.
Data breaches make the news every day, and for lawyers who have an ethical duty to protect their clients’ data, this is an issue that should be top of mind. It’s best to plan as if it’s a matter of when, not if, someone makes an attempt to hack into your firm. Case in point: a Nokia report released earlier this year found that the number of malware infections that took place in the first half of 2016 doubled compared to the second half of 2015.
Even the strongest passwords can be hacked. By taking just one simple step—enabling true two-factor authentication for all of your accounts—you’ll add an extra layer of security that can make all the difference.
The difference in security is important—so much so that Clio will be phasing out email verification, removing this login option during January 2017. We ask that users replace this method with Google two-factor authentication.
What is Google two-factor authentication?
Two-factor authentication, sometimes called multi-factor authentication, is a mechanism that requires two different means of identification from a user when logging into an account.
Usually, this means you’ll need to enter your password along with a temporary code sent to your mobile device via text message (or via the Google Authenticator app if you’re using Google two-factor authentication) to access your account. The codes normally last 10–15 seconds before a new one is required.
In other words, with two-factor authentication enabled, no one can log into your account without both your password AND your mobile device. This means a hacker needs to steal your phone and know your login information to get access to your online accounts (not impossible, but much less likely than a cyber attack alone).
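To make the mechanism concrete, here is an added example (not Clio's or Google's code) of how an authenticator app and a server derive the same time-based code from a shared secret, and why a password alone fails the login. It follows RFC 6238 with its default 30-second step as an assumption; the account record, password, salt and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default; an assumption here)
DIGITS = 6   # code length shown by typical authenticator apps


def totp(secret: bytes, unix_time: int) -> str:
    """Code an authenticator app derives from the shared secret and the clock."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_code(secret: bytes, submitted: str, unix_time: int, drift: int = 1) -> bool:
    """Server side: accept the current step and `drift` steps either side."""
    ok = False
    for delta in range(-drift, drift + 1):
        t = unix_time + delta * STEP
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(totp(secret, t).encode(), submitted.encode())
    return ok


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash; the iteration count is a constructed sample value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def login(account: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass; a stolen password alone is not enough."""
    pw_ok = hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"])
    code_ok = verify_code(account["totp_secret"], code, unix_time)
    return pw_ok and code_ok


# Constructed sample account; the secret is the RFC 6238 test key, not a real one.
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",
}
```

Calling `login(ACCOUNT, password, code, int(time.time()))` with the real clock is how a server would use this; the small drift window tolerates a phone whose clock is slightly off.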
Do I need to use multi-factor authentication?
The use of multi-factor authentication has been deemed a best practice by many, but it’s also fast becoming a regulatory requirement. For example, new cybersecurity regulations being implemented in New York next year will require that financial services companies only use vendors that use multi-factor authentication.
In line with that trend, Clio is upping its security game by encouraging all users to protect their accounts with Google two-factor authentication, and removing the option of using email two-factor verification.
Translation: We think it’s best practice to start using Google two-factor authentication to ensure the highest level of security for your firm.
How do I set up two-factor authentication?
Two-factor authentication quickly and easily provides a robust level of security for your law firm’s data. One app download and a change of settings, and your account will be untouchable to email hackers.
For most online accounts, you’ll go to your security settings and check a box to enable two-factor authentication. You’ll then receive a text message with a verification code each time you try to log into your account (you may need to log in to your account again to complete the setup).
Alternatively, you can simply download the Google Authenticator app (this is what you’ll use for your Clio account). It automatically generates security codes, so you won’t have to wait for a text message each time you log in.
If you’re a Clio user and you need to update your account to use Google two-factor authentication:
- Navigate to the Apple or Android app store and download the Google Two-Factor Authenticator application
- Update your Clio settings
- Log in to Clio and enter the code from the Google Authenticator app when prompted
- Enjoy your new security feature
It’s as easy as that.
One more important thing—don’t forget to download backup codes. These will come in handy if you drop your phone in the gutter while rushing to a meeting.
That’s it. Rinse and repeat with the other apps you use to power your law firm for maximum security.
There’s no reason not to use two-factor authentication to protect your firm’s data, so get started today.
We published this blog post in November 2016.