When cyber security consultants address the security concerns of a law firm, we start from what happens when a computer gets breached, either because someone installed a malicious program or fell for a phishing email.
In these common hacking scenarios, we have 3 main concerns regarding what can happen:
- Grabbing passwords
- Grabbing Outlook tokens (to access email)
- Stealing and Ransoming data
When a computer in a law firm is compromised, any passwords stored in your browsers can, much like your Outlook token, easily be seen, taken and used on another computer.
We have articles here on how to protect and secure your data and an article here on how to protect your law firm’s email against a breach.
In this article, we show you how to set up a password manager like Keeper, 1Password, Dashlane or NordPass.
We recommend Keeper but have used all of these solutions. The steps will be similar for other password managers.
HOW TO PURCHASE A PASSWORD MANAGER
Go to Keeper and purchase a business plan – https://www.keepersecurity.com/pricing/business-and-enterprise.html
We recommend the business plan as this allows you to create an admin that can easily remove/add users, reset passwords, and set up company standards and policies like mandating 2FA. It is important to note that AN ADMIN CANNOT SEE THE PASSWORDS OF ANYONE IN THE ORG but is there to remove or set up users.
Before creating users, be sure to enforce 2FA and other beneficial settings by going to ADMIN – ROLES – ENFORCEMENT POLICIES.
Two-Factor Authentication – Turn on REQUIRE TWO-FACTOR
HOW TO ADD USERS TO YOUR LAW FIRM PASSWORD MANAGER ACCOUNT
From the admin console create users by selecting ADD USER and then create their account by using their email addresses. There will be a welcome email sent to that email address where they can sign in and create their account.
Once a user has been signed up, they can now download the CHROME EXTENSION to start managing the passwords – https://chromewebstore.google.com/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei?pli=1
HOW TO INSTALL AND USE THE PASSWORD MANAGER
Once the Chrome (or EDGE) extension is installed, click on the puzzle piece to pin Keeper to your Chrome toolbar. Now click on the Keeper Extension and sign in with the credentials you created via the Keeper welcome email.
Once signed in, it should ask you to import your passwords. Please proceed with this.
Now click on OPEN MY WEB VAULT – SETTINGS – SECURITY and set these settings:
SECURITY – STAY LOGGED IN
TWO-FACTOR AUTHENTICATION – ON
You can IMPORT your passwords if you haven’t already done that.
Once you have confirmed that you have imported your passwords, you should now remove your passwords from Chrome or Edge.
HOW TO REMOVE YOUR PASSWORDS AND STOP THEM FROM BEING STOLEN IN A HACK
To remove your passwords from Chrome, you must first stop Chrome from storing new passwords: go to chrome://password-manager/settings and TURN OFF ALL OPTIONS IN HERE. Then remove your stored passwords (which are now in Keeper).
To do this, go to chrome://settings/privacy, then CLEAR BROWSING DATA, and select ADVANCED – Time Range ALL TIME. Then select PASSWORDS AND SIGN IN DATA and select CLEAR DATA.
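To confirm the cleanup worked on a given computer, here is an added example (not part of the original article and not Keeper's code): a Python script that counts the saved logins still left in each Chrome or Edge profile, without ever reading a password. It assumes default Windows install paths and Chromium's "Login Data" SQLite file with its logins table and blacklisted_by_user column; the function names are made up for illustration.

```python
import os
import shutil
import sqlite3
import tempfile
from pathlib import Path

# Assumption: default per-user install locations under %LOCALAPPDATA% on Windows.
BROWSERS = {"Chrome": "Google/Chrome/User Data", "Edge": "Microsoft/Edge/User Data"}
# blacklisted_by_user = 1 marks "never save for this site" entries, which hold
# no password, so they are excluded. No password column is ever selected.
QUERY = "SELECT COUNT(*) FROM logins WHERE blacklisted_by_user = 0"

def count_saved_logins(login_db: Path) -> int:
    """Count saved credentials in one profile's Login Data file."""
    with tempfile.TemporaryDirectory() as tmp:
        # Work on a copy: a running browser may hold a lock on the live database.
        copy = Path(tmp) / "LoginData.copy"
        shutil.copy2(login_db, copy)
        con = sqlite3.connect(copy)
        try:
            n = con.execute(QUERY).fetchone()[0]
        finally:
            con.close()
    return n

def audit_user_data(user_data_dir: Path) -> dict:
    """Map each profile folder (Default, Profile 1, ...) to its saved-login count."""
    if not user_data_dir.is_dir():
        return {}
    return {db.parent.name: count_saved_logins(db)
            for db in sorted(user_data_dir.glob("*/Login Data"))}

def make_constructed_profile(root: Path, name: str, rows: list) -> None:
    """Build a constructed stand-in profile (minimal schema) for offline testing."""
    (root / name).mkdir(parents=True)
    con = sqlite3.connect(root / name / "Login Data")
    con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, "
                "blacklisted_by_user INTEGER)")
    con.executemany("INSERT INTO logins VALUES (?, ?, ?)", rows)
    con.commit()
    con.close()

if __name__ == "__main__":
    local = Path(os.environ.get("LOCALAPPDATA", ""))
    for browser, rel in BROWSERS.items():
        for profile, n in audit_user_data(local / rel).items():
            print(f"{browser} / {profile}: {n} saved login(s) remaining")
```

Every profile should report 0 after the steps above; any other number means that profile still holds passwords a breach could expose.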
You have now created a password manager, set up users, installed Keeper in Chrome, imported your passwords to Keeper, stopped password storing in Chrome and removed your passwords from Chrome.
By managing IT Services in your Law Firm, you ensure that a breached computer no longer means breached passwords, as these passwords are not stored on the computer but rather in an encrypted cloud system where not even Keeper can see the passwords.