To help avoid this happening to your firm we strongly recommend that you consider switching on Multifactor Authentication.
Why is Multifactor Authentication essential for law firms?
Having your personal email account hacked can be both annoying and inconvenient. However, when it comes to your legal work account, it’s a completely different ball game. Personal details of your clients’ work, transactions possibly even bank details are on full display to the hacker. If it happens, you must report the data breach to either the SRA or the Law Society of Scotland. Naturally, they will take a dim view of such a turn of events.
What is Multifactor Authentication?
When you sign into your online accounts a process called “authentication” takes place. In essence, you’re proving to Microsoft that you are who you say you are. Traditionally you did that with a username and a password. Unfortunately, that’s not a very good way to do it. Usernames are often easy to discover; sometimes they’re just your email address. Since passwords can be hard to remember, people tend to pick simple ones. And they may use the same password at many different sites.
That’s why almost all online services – banks, social media, shopping and yes, Microsoft 365 too – have added a way for your accounts to be more secure. You may hear it called “Two-Step Verification” or “Multifactor Authentication” but the good ones all operate along similar lines. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second factor to prove who you are.
How does Multifactor Authentication work?
Let’s say you’re going to sign into your work email account. You enter your username and password. If that’s all you need then anybody who knows them can sign in as you from anywhere in the world!
But if you have multifactor authentication enabled, security tightens up. When you sign in on a device or app you enter your username and password as usual. Then you will be prompted to enter your second factor to verify your identity.
If you’re using the free Microsoft Authenticator app on your phone as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you’re in.
Alternatively, you can set things up so that you receive a text message containing the code.
If somebody else tries to sign in as you, they’ll enter your username and password. When prompted for that second factor they’re stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. The 6-digit number in Microsoft Authenticator changes every 30 seconds. So, even if they know the number you used to sign in yesterday, they cannot sign in themselves.
If you are a LawWare client that uses Microsoft 365 and Outlook and wish to find out what your MFA options are and learn how to set it up, please contact me and I will make the necessary arrangements.