Is Your Law Firm As Secure?
Studies show that a majority of legal firms are confident in their cybersecurity – but does that mean they’re actually secure?
The legal industry is facing its most challenging obstacle to date and it’s not from their opposition – these attacks against law firms are coming from hackers.
That’s why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.
“[…] cybersecurity practices at law firms are generally not very strong,” said Eli Wald, author of Legal Ethics’ Next Frontier, Lawyers and Cybersecurity to Logikcull. “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”
Why Are Law Firms Targets For Cybercriminals?
In a nutshell? Because of all the data you store about your clients.
“Law firms are the subject of targeted attacks for one simple reason,” says John Sweeney, LogicForce President. “Their servers hold incredibly valuable information.”
Wald agrees – not only do law firms collect a lot of data, but they tend to only collect the more important (and therefore, most valuable) data on their clients.
“Law firms and lawyers collect from their clients and handle very valuable information,” says Wald. “Rather than collect every piece of information that our clients possess, we tend to seek out in the context of representing our clients, and in order to effectively represent them, the important information that pertains to the representation.”
That’s why firms like yours are key targets for cybercriminals. The question is – what are you doing about it?
How Are Legal Firms Addressing Cybersecurity?
As of a few years ago, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach – and cybercrime is only expected to grow, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023.
According to a recent study by the American Bar Association (ABA):
- 75% are using some anti-virus software.
- 58% of responding firms are using a firewall or anti-phishing software.
- 33% are using email encryption software.
- 25% are using device encryption software.
- 17% have some directory security in place.
- 25% have an employee training program involving cybersecurity.
5 Ways To Enhance Your Cybersecurity
1. Two-Factor Authentication
Two-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior.
By requiring a second piece of information, you’re better able to make sure that the person logging in is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
2. Encryption
In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”.
3. Access Monitoring
In addition to encryption, the client data you store should be protected from unauthorized access:
- Firewalls
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Intrusion Detection
You need to keep an eye on unauthorized attempts to access your data. Whether they’re successful or not, attempts at access can tell you more about how cybercriminals are trying to reach your data.
4. Password Best Practices
- Length and Complexity
Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out.
- Numbers, Case, and Symbols
While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
- Personal Information
Many users assume that information specific to them will be more secure – however, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
- Pattern and Sequences
“abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
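The four checks above can be applied automatically when a password is set. The following is an added example, not part of the original article; the minimum length of 12 and the sample passwords and personal facts are assumptions constructed for illustration.

```python
import re

MIN_LENGTH = 12  # assumption: the article does not state a minimum length
# Alphabet, digits and the three letter rows of a QWERTY keyboard.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]


def has_sequence(password, run=3):
    """True if the password contains `run` consecutive characters of a known
    sequence, forwards or backwards (for example 'abc', '321', 'qwe')."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in lowered:
                    return True
    return False


def password_problems(password, personal_facts=()):
    """Return the list of rules from the article that the password breaks.

    personal_facts: strings an attacker could learn from social media
    (names, birth year, pet names); supplied by the caller.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, password) for c in CHAR_CLASSES):
        problems.append("missing character class")
    lowered = password.lower()
    if any(f.lower() in lowered for f in personal_facts if len(f) >= 3):
        problems.append("contains personal information")
    if has_sequence(password):
        problems.append("contains a pattern or sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, facts in [("abc123", []), ("Maple1974!Harbor", ["Maple", "1974"])]:
        print(pw, "->", password_problems(pw, facts) or "no problems found")
```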
5. Avoid Dangerous Emails
No matter who the email is from or what it’s about, always exercise caution when it comes to clicking on a link or downloading an attachment:
- Be wary of malicious attachments in email messages. They may contain malware that can infect your computer.
- Check to see who the real sender of the message is. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors like jsmith@wellsfarg0.com.
- Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, this is probably a phishing threat.
- Use an email client that scans attachments for malware, and never autorun an .exe file you’re unsure about.
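The sender check described above (company name versus actual address, and typo domains such as wellsfarg0.com) can be automated in a mail filter. The following is an added example, not part of the original article; the trusted-domain list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains the firm has decided to trust.
TRUSTED_DOMAINS = ["lawfirm.example", "wellsfargo.com"]
# Digits commonly swapped in for look-alike letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(raw_message):
    """Return warnings about the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    warnings = []
    claimed = "".join(display.lower().split())  # "Wells Fargo" -> "wellsfargo"
    for trusted in TRUSTED_DOMAINS:
        if domain.translate(LOOKALIKES) == trusted:
            warnings.append(f"{domain} imitates {trusted} with look-alike characters")
        elif edit_distance(domain, trusted) == 1:
            warnings.append(f"{domain} is one typo away from {trusted}")
        if trusted.split(".")[0] in claimed:
            warnings.append(f"display name claims {trusted} but address is at {domain}")
    return warnings


# Constructed sample messages.
PHISH = "From: Wells Fargo Support <jsmith@wellsfarg0.com>\nSubject: Notice\n\nPlease review.\n"
LEGIT = "From: J Smith <jsmith@wellsfargo.com>\nSubject: Notice\n\nPlease review.\n"

if __name__ == "__main__":
    print(check_sender(PHISH))
    print(check_sender(LEGIT))
```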
This is a lot to handle on your own, right? That’s where a knowledgeable IT services company can be invaluable: one that is more than just computer technicians, but a team of IT professionals who know and understand the unique security concerns of law firms. They can help you develop a cybersecurity plan that is ready to defend you against hackers.