At a minimum, two-factor authentication, rather than a single password, should be used to protect most types of confidential data. With two-factor authentication, the user must present two of the following three kinds of evidence to gain access: something they know (a password or PIN), something they possess (a hardware token, a USB security key, or a code generated by an authenticator app on their phone) or something they are (a fingerprint or other biometric). The two factors must come from different categories: a password plus a "secret question" is still only one factor, because both are things the user knows, and the answers to such questions are often guessable or discoverable. Multi-factor authentication is the general term for any combination of two or more distinct factors; for the most sensitive data, requiring all three categories (for example a password, a hardware token and a fingerprint) gives a higher degree of assurance.
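The following is an added illustration, not code from the original article: it shows what "two factors from different categories" means in practice by classifying authenticators into the three categories above (so that a password plus a secret question counts as one factor), and then runs a complete two-factor check consisting of a salted password hash (knowledge) and a time-based one-time code from an authenticator app (possession), computed with the standard HOTP/TOTP algorithms (RFC 4226 and RFC 6238). The authenticator names, the factor table, the shared secret and the salt are all constructed for this example.

```python
"""Added example (not part of the original article): counting authentication
factors by category, then a worked password + TOTP two-factor check."""
import hashlib
import hmac
import struct
import time

# Constructed mapping of authenticator types to the three factor categories.
# A "secret question" is something the user knows, so it shares a category
# with the password and does not add a second factor.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "secret_question": "knowledge",
    "totp_app": "possession",
    "hardware_token": "possession",
    "fingerprint": "inherence",
}


def distinct_factors(authenticators):
    """Return the set of factor categories the given authenticators cover.
    An unknown name raises KeyError so a typo cannot silently count as a factor."""
    return {FACTOR_CATEGORY[name] for name in authenticators}


def is_multi_factor(authenticators):
    """True only when at least two *different* categories are present."""
    return len(distinct_factors(authenticators)) >= 2


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, now=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // step), digits)


def verify_totp(secret, candidate, now=None, step=30, window=1):
    """Accept the current step plus/minus `window` steps of clock drift.
    compare_digest keeps the comparison constant-time."""
    now = time.time() if now is None else now
    counter = int(now // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + d), candidate)
        for d in range(-window, window + 1)
    )


def make_password_verifier(password, salt, iterations=200_000):
    """Store a salted PBKDF2 hash rather than the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def authenticate(stored_verifier, salt, presented_password, totp_secret, code, now=None):
    """Two-factor login: knowledge (password) plus possession (TOTP device).
    Both checks always run, so a failure does not reveal which factor was wrong."""
    pw_ok = hmac.compare_digest(stored_verifier, make_password_verifier(presented_password, salt))
    code_ok = verify_totp(totp_secret, code, now)
    return pw_ok and code_ok


# Constructed sample data. The TOTP secret is the RFC 6238 test-vector key;
# at T=59 seconds it yields the code 287082.
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_SALT = b"constructed-salt-value"
SAMPLE_VERIFIER = make_password_verifier("correct horse battery staple", SAMPLE_SALT)

if __name__ == "__main__":
    print("password + secret question:", distinct_factors(["password", "secret_question"]))
    print("password + authenticator app:", distinct_factors(["password", "totp_app"]))
    print("login ok:", authenticate(SAMPLE_VERIFIER, SAMPLE_SALT, "correct horse battery staple",
                                    SAMPLE_SECRET, totp(SAMPLE_SECRET)))
```

The drift window in verify_totp is the trade-off a practitioner has to decide on: a wider window tolerates more clock skew on the user's phone but also lengthens the period during which a phished or shoulder-surfed code remains valid. Real deployments should additionally reject reuse of a code that has already been accepted within its window.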
The USPTO has also built an increasingly sophisticated, multi-layered cyber security defense to protect the nation's patents and related information, guarding its systems against a wide range of adversaries, from lone-wolf intruders to suspected nation-state Advanced Persistent Threat (APT) groups. Compared to the USPTO, or even to corporations, most law firms are easy targets, and the client IP on their networks is low-hanging fruit that is all too easily harvested. Too many law firms still regard 'reasonable' security as password-only access control plus signature-based anti-malware software, such as McAfee, and consider that good enough. Today, it is not nearly enough.