To help avoid this happening to your firm we strongly recommend that you consider switching on Multifactor Authentication.
The problem of user adoption
Despite the clear benefits of multifactor authentication (MFA) for law firms, the lack of user adoption remains a significant challenge. While MFA provides an additional layer of security to protect sensitive information, some users may find the process of using MFA to be cumbersome or time-consuming, leading to low adoption rates.
One of the primary reasons for the lack of user adoption is the inconvenience of using MFA. Many MFA methods require additional steps, such as entering a code generated by an authentication app or using a smart card reader, which can add time to the login process. In a fast-paced legal environment, where time is often of the essence, this can be a significant obstacle for some users.
Another reason for the low adoption of MFA is the perception that it is unnecessary. Some users may believe that their passwords are strong enough or that their devices are secure enough to protect their information. This perception can lead to complacency and a false sense of security, which can put sensitive data at risk.
Furthermore, some users may not fully understand the importance of MFA. They may not realise the significant risk of cyberattacks or the potential consequences of a data breach, including financial loss, reputational damage, and legal liability. Without a clear understanding of these risks, users may not prioritise the use of MFA as an essential security measure.
Law firms can address the lack of user adoption of MFA by implementing strategies to increase awareness and encourage its use. One effective strategy is to provide training and education to users. This can include explaining the importance of MFA, the risks of cyberattacks, and the consequences of a data breach. By increasing awareness and understanding, users may be more likely to adopt MFA as a necessary security measure.
Another strategy is to make the use of MFA mandatory for all users. This can help to establish a culture of security within the law firm, where MFA is seen as a necessary and standard security measure. By making MFA mandatory, law firms can reduce the risk of human error or negligence, which is a common cause of data breaches.
Law firms can also encourage the use of more user-friendly MFA methods, such as biometric authentication, which can be more convenient and faster than traditional methods. Biometric authentication methods, such as fingerprint scanning or facial recognition, can provide the same level of security as traditional methods while minimising the inconvenience of additional steps in the login process.
Why is Multifactor Authentication essential for law firms?
Having your personal email account hacked can be both annoying and inconvenient. However, when it comes to your legal work account, it’s a completely different ball game. Personal details of your clients’ work, transactions and possibly even bank details are on full display to the hacker. If it happens, you must report the data breach to either the SRA or the Law Society of Scotland. Naturally, they will take a dim view of such a turn of events.
What exactly is MFA?
When you sign into your online accounts a process called “authentication” takes place. In essence, you’re proving to Microsoft that you are who you say you are. Traditionally you did that with a username and a password. Unfortunately, that’s not a very good way to do it. Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones. And they may use the same password at many different sites.
That’s why almost all online services – banks, social media, shopping and yes, Microsoft 365 too – have added a way for your accounts to be more secure. You may hear it called “Two-Step Verification” or “Multifactor Authentication” but the good ones all operate along similar lines. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second factor to prove who you are.
How does Multifactor Authentication work?
Let’s say you’re going to sign into your work email account. You enter your username and password. If that’s all you need then anybody who knows them can sign in as you from anywhere in the world!
But if you have multifactor authentication enabled, security tightens up. When you sign in on a device or app you enter your username and password as usual. Then you will be prompted to enter your second factor to verify your identity.
If you’re using the free Microsoft Authenticator app on your phone as your second factor, you open the app on your smartphone. It shows you a unique, dynamically created 6-digit number that you type into the site, and you’re in.
Alternatively, you can set things up so that you receive a text message containing the code.
If somebody else tries to sign in as you, they’ll enter your username and password. When prompted for that second factor they’re stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. The 6-digit number in Microsoft Authenticator changes every 30 seconds. So, even if they know the number you used to sign in yesterday, they cannot sign in themselves.
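The rotating 6-digit code described above, as an added example that is not part of the original article: it assumes the authenticator app follows the standard time-based one-time password algorithm (RFC 6238 with HMAC-SHA1 and a 30-second step), and the secret, timestamps and function names are constructed for illustration. It goes slightly beyond the text by also refusing a code that has already been accepted once.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code shown in the app


def totp(secret: bytes, unix_time: int) -> str:
    """Code for the 30-second window containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, now: int,
           last_used_counter: int = -1, drift: int = 1):
    """Return the matching window counter, or None if the code is rejected.

    Accepts +/- drift windows of clock skew; skips windows at or before
    last_used_counter so an accepted code cannot be replayed.
    """
    for delta in range(-drift, drift + 1):
        counter = now // STEP + delta
        if counter <= last_used_counter:
            continue
        if hmac.compare_digest(totp(secret, counter * STEP), submitted):
            return counter
    return None


def demo() -> dict:
    secret = b"12345678901234567890"  # constructed secret (the RFC 6238 test key)
    now = 1111111109                  # constructed sign-in time (Unix seconds)
    todays_code = totp(secret, now)
    yesterdays_code = totp(secret, now - 86400)  # the code shown 24 hours earlier
    accepted = verify(secret, todays_code, now)
    return {
        "today_accepted": accepted is not None,
        "yesterday_accepted": verify(secret, yesterdays_code, now) is not None,
        "replay_accepted": verify(secret, todays_code, now, accepted) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The server and the phone share only the secret and the clock, which is why a password alone, or a code seen on a previous day, is not enough to sign in.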
The lack of user adoption of MFA remains a significant challenge for law firms. The inconvenience of using MFA, the perception that it is unnecessary, and a lack of understanding of the risks can all contribute to low adoption rates. However, law firms can address this challenge by implementing strategies to increase awareness and encourage its use, such as training and education, making it mandatory, and promoting more user-friendly MFA methods. By adopting these strategies, law firms can improve their security posture and better protect their sensitive data.
If you are a LawWare client that uses Microsoft 365 and Outlook and wish to find out what your MFA options are and learn how to set it up, please contact me and I will make the necessary arrangements.