Cybersecurity is a hot topic among lawyers in our current digital age. Just last month, Bloomberg Law reported that international law firm Foley and Lander LLC experienced a cybersecurity incident. Fortunately, the firm reported that there was “no unauthorized access to client data” — but this is not the case for many law firms that are hacked.
According to the American Bar Association, more than one third of mid-size legal firms (10-49 attorneys) experienced a security breach in 2017. That’s a pretty alarming statistic in an industry where information privacy is paramount.
So, what measures can your law firm take to safeguard against cybercriminals?
1) Have A Plan
Creation of a cybersecurity strategy should be a top priority. Strong security safeguards allowed Foley and Lander LLC to keep confidential data safe and out of the hands of cybercriminals. If your cybersecurity strategy is not current, it’s not effective. And worse, if you don’t have a cybersecurity strategy in place, your practice is an easy target for cybercriminals. A proper security plan includes documented security practices, education and monitoring.
To protect your client data, arm your law practice with the appropriate cybersecurity tools and educate employees about the types of cyberattacks that are out there and how to spot them. Computer World offers 10 steps to creating a successful cybersecurity policy, including this key takeaway concerning liability:
“Having a viable security policy documented and in
place is one way of mitigating any liabilities you
might incur in the event of a security breach.”
2) Beware Of Third Party Vendors
With the growth in software as a service (SaaS), more legal practices are relying on critical web-based applications to conduct business. While using outside services may improve efficiency, they also may increase your firm’s vulnerability to data breaches.
A recent report from Carbon Black revealed that 50% of today’s attacks leverage “island hopping,” a technique where cybercriminals use third-party vendors to gain access to sensitive data at a target organization. Behaviors as common as neglecting to logoff a business app used daily could put a firm at risk for an attack.
As a result, managing cybersecurity risk must extend beyond the law firm itself. It’s essential that law firms ensure any third-party vendors used also comply with privacy policies and employ security policies that are stringent and up-to-date.
3) Mitigate Phishing Attempts
Email is often the weakest link and one of the easiest ways for cybercriminals to gain access to confidential information. Phishing emails can be hard to spot and many people do not know how to identify a phishing scheme.
One type of phishing that has become increasingly popular with hackers are pretext emails. This form of phishing takes place when a hacker uses another person’s email, pretending to be that person to solicit information. While some email systems claim to filter out phishing attacks, today’s reality is that the hackers have the upper hand and a few scam emails end up slipping through to a user’s inbox.
Your in-house researchers, paralegals and attorneys are dedicated legal experts, but they are not likely to be aware how sophisticated and pervasive phishing has become in the legal industry. Take measures to educate all employees about common phishing attacks and remind employees to carefully review emails before opening, clicking or responding. These simple steps can mean the difference between avoiding a hack and becoming a victim.
4) Pre-Empt With Technology Tools
Beat the hackers at their own game with technology solutions that stop risky exposures. Invest in a secure password manager with real-time cybersecurity screening functionality. Solutions like Scooch provide security alerts, preventing users from clicking through to risky sites that could lead to harmful ransomware viruses.
Cybercriminals know that law firms store a lot of confidential data, increasing their appeal as a potent target. Cybersecurity that is not up to par can be a recipe for disaster. Data breaches are often devastating, and without the proper security in place, law firms are even more vulnerable. Ready to take action? Request a demo now and learn how Scooch can help protect your law firm from a paralyzing cyberattack.