Would you believe “12345”? How about this one: “0000.” We are not making this up; we don’t have to. Estate planning and elder law firms that depend on password protection are often woefully lacking in cybersecurity basics. While a skilled hacker can get into any system, there are plenty of not-so-skilled hackers who can wreak just as much damage. And often, it starts with passwords.
Not all password hacks are external. Many offices have one person who insists on keeping their passwords on sticky notes that are posted on their computer monitors. Not making that up either. This means that anyone, including colleagues, clients, cleaning people, delivery people, vendors, etc., has easy access to your systems.
Some passwords are better than others. The serious hacker uses software programs that can break any password code. Your IT team has them also, because there are instances where a lost password is a problem. But don’t make it easy for the casual hacker. Best practices are constantly changing, but overall, the best password is not your pet’s name, your birthday or office address. Use a mix of upper case and lower case letters, symbols and numbers. Use a random word or unconnected words but not a popular phrase. “Password1” is the single most commonly used password in global businesses. Don’t use it, and if you have used it, change it. Today.
WiFi devices can put your passwords at risk. Passwords, PINs and keystrokes can be obtained by hackers observing changes in the wireless signal as you enter them into your smart phone. Any wireless device that works via radio signals broadcasts those signals, and a savvy hacker knows how to interpret them. If your office uses a wireless system, and some do, ask your IT team how well it is protected.
When you change your password, don’t do this. Some IT sources recommend changing passwords on a quarterly basis. That can be annoying, so the usual response is to change one letter or one number, usually sequential, and consider the task done. The problem is, nothing much is accomplished with such a minor effort. Some studies show that there is no advantage whatsoever to changing passwords.
Don’t use the same passwords for different accounts. You know this and you know why it’s a bad practice. If one phishing scheme captures your email and password, at least make it a little harder for the hackers to get into other accounts.
Updating technology is as important as updating a will. You know why clients need to come in every few years to review and revise their wills. The same applies to technology, and especially regarding cybersecurity. Systems that were state of the art in 2012 are out-of-date, and make your practice vulnerable.