How the GoToMyPC Hack Affects Law Firms


First things first, if you’re a user of GoToMyPC, go and change the passwords to your other accounts as well.

The average person uses the same password for up to 15 accounts and hackers are completely aware of this.

Many of the Law Firms that I speak to use GoToMyPC or a similar offering like LogMeIn to connect to their office desktops when they want access to their data from home or another location away from the firm.

Without getting too technical, it’s a solution that I’ve always touted as insecure and vulnerable to hacking. Many people ignore the red flags because so many people have gotten comfortable using these types of applications.

The problem with an Attorney ignoring the warning signs is that unlike the average user, their data is far too sensitive to be left so easily unsecured.

According to the company, the “recent incident” was a password re-use attack. The hackers used the usernames and passwords leaked on other websites to access the GoToMyPC user accounts.
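A password re-use attack like the one described above leaves a recognisable trace in login logs: one source trying many different accounts within a short time. The following Python is an added example, not code from GoToMyPC or from the original post; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data): time, source IP, user, result
SAMPLE_LOG = """\
2024-01-01T02:00:01 203.0.113.7 alice@example.com FAIL
2024-01-01T02:00:03 203.0.113.7 bob@example.com FAIL
2024-01-01T02:00:04 203.0.113.7 carol@example.com OK
2024-01-01T02:00:06 203.0.113.7 dave@example.com FAIL
2024-01-01T02:00:09 203.0.113.7 erin@example.com FAIL
2024-01-01T08:30:00 198.51.100.20 grace@example.com FAIL
2024-01-01T08:30:20 198.51.100.20 grace@example.com FAIL
2024-01-01T08:30:45 198.51.100.20 grace@example.com OK
"""

def parse(log):
    """Turn log text into (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def find_password_reuse_attacks(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that try many *different* accounts in a short window.

    Returns {ip: accounts that logged in successfully from that IP}. Those
    accounts accepted a leaked password and need a reset and a session review.
    """
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the start forward until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            users = {e[2] for e in evs[start:end + 1]}
            if len(users) >= min_users:
                # A mistyping user hits one account; an attacker hits many.
                flagged[ip] = sorted({e[2] for e in evs if e[3]})
                break
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_password_reuse_attacks(parse(SAMPLE_LOG)).items():
        print(ip, "tried many accounts; logged in as:", accounts or "none")
```

The user who mistypes her own password three times is not flagged, because only one account is involved; the source that walks through five accounts is, and the one login that succeeded is the account to reset first.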

Hackers Love the Public Cloud

SaaS (Software as a Service) applications like GoToMyPC reside on a public cloud, and to hackers public clouds are the “fruit bearing jackpots” of data.

Why? Because on a public cloud, the data for all users resides on the same server/database. Get access to one, you get access to all.

Hackers have a limited amount of time to do their jobs, so like any smart business person they’re looking to spend that time wisely, on whatever would give them the biggest reward.

How to Safely Access your Desktop from a Remote Location

 

    • Enable Two Step Authentication – If you’re going to continue using an application like the ones mentioned above, please at the very least enable two step authentication.
      It’s a band-aid solution and definitely not a robust or complete way of protecting your clients’ data, but it’s far better than the minimum username/password security you have in place today.
      Keep in mind that this helps protect your account from being hacked, but it doesn’t prevent someone hacking a different account and exposing your information after breaching the database that lives on the public cloud.

 

    • Create a Secure Connection to your Law Firm’s Network – You’ll need the help of your IT person. It’s often not a cheap solution, and the experience isn’t always a pleasant one, but it’s a step up from using SaaS/Public Cloud applications like GoToMyPC or LogMeIn.

 

    • Move to a Private Cloud Solution – Today, moving to a private cloud is the ultimate way of simultaneously being mobile and having your data secured.
      In a Private Cloud, your data is segmented and separated from other users, law firms and organizations (which is what makes it private).
      This means that a data breach for one user is limited to the firm that caused the breach.
      A Private Cloud is a bit more of an investment, but one well worth making to maintain your Law Firm’s reputation and the security of your clients’ data.

 

You can get the benefits of a managed and hosted Private Cloud at an affordable rate using the Abacus Private Cloud solution that I’ve helped over 120 Law Firms move to.

If you’re interested in learning more or have any questions about the security of your Law Firm’s Data, contact me.