Crime Online: Cybersecurity Threats and Solutions for Your Law Firm
Protect the confidential information of your clients by securing your law firm’s digital data
The internet has revolutionized the availability and transmittal of information, and for the most part, the resultant technology has made our lives infinitely easier. From the mobility enabled by cloud computing to the on-demand access to data, the internet has become a part of our daily personal and professional lives that would be difficult to live without. However, the myriad of benefits also comes with consequences and responsibilities. The potential for data breaches is a real and present danger, and since your ethical obligations as an attorney include protecting your clients’ confidentiality, your practice needs to have a plan in place that covers cybersecurity.
Due to the nature of the work, law firms have access to information that is considered valuable to cybercriminals, including personal client details, mergers and acquisitions data, and intellectual property. The American Bar Association’s 2017 Legal Technology Survey Report shared that 22 percent of the law firms that responded had experienced a cybersecurity breach, which was an 8 percent increase from the previous year. That statistic can be further broken down by firm size:
- 27 percent of reporting firms had two to nine practicing lawyers
- 35 percent had 10 to 49 lawyers
- one-quarter with 500 or more lawyers suffered a breach
As businesses and data become more interconnected, the insidious industry of cybercrime becomes more sophisticated, and the consequences more drastic.
Types of cyber attacks
Regardless of the size of your firm, or the type of law you practice, your digital information is at risk. Generally, hackers use one of the following tactics to access legal data illegally:
Phishing: Phishing attacks involve sending out emails with infected attachments in an attempt to obtain passwords or gain access to computers or networks. Phishing is the biggest threat according to Mark Rasch, a lawyer, and former computer crimes prosecutor, “It’s the No. 1, No. 2 and No. 3 threat for law firms.”
Phishing attacks are usually random and generated by a network of computers controlled by a botmaster that programs the directions. However, there’s also a method known as “spear phishing,” where individuals or a group of individuals are targeted by cybercriminals. The involved emails usually look like they come from a client or colleague; some form of trusted source. A “whale phishing” attack targets managing partners or senior executives in an attempt trick an executive into revealing company info to gain access to personal and corporate data.
Malware: The word malware is a portmanteau for “malicious software” and involves a virus or worm that will infect the user’s computer. For the most part, the affected files are held hostage versus being outright stolen – the hackers will threaten to lock or destroy the information if the ransom isn’t paid within a certain timeframe.
Unsecured Wi-Fi: Lawyers are largely dependent on accessing data remotely, which makes them vulnerable to attack an unsecured Wi-Fi connection. Experts recommend that attorneys use a virtual private network or mobile hotspot, and never rely on a hotel’s Wi-Fi. It’s also important to update software regularly; outdated versions allow easier access for cybercriminals.
There are many ways to prevent data breaches, and unfortunately, you can’t rely on just one, which makes the entire endeavor potentially overwhelming. While it’s true that firewalls and anti-virus software are important, security goes far beyond that.
Although it’s not cheap, the best bet to ensure that your client and business information is safe is to hire an outside source for a vulnerability assessment. A vulnerability assessment can identify where your firm is most at risk, which can help you assess where your time and money is best spent when it comes to cybersecurity.
Whether it’s training employees, encryption options, upgrading equipment, or purchasing insurance that will help cover the costs of a cyber attack situation, an experienced outside source has the knowledge and objectivity to identify your firm’s weak spots and make suggestions on adjusting accordingly. Remember, a data breach could potentially cost far more than preventing one will.
Cybersecurity is a big business; Gartner Inc. estimated that spending to prevent cybercrime will increase by 8 percent this year, for a total of $96.3 billion. While securing your firm’s information can initially seem like a big investment, creating a solid plan regarding the protection of your digital data can save you time, stress, money, legal repercussions, and damage to your professional reputation in the long-run. Do your research and find a trusted vendor capable of performing a vulnerability assessment so you can get back to what you know – practicing law with confidence that your clients and your practice are protected.
Looking for more technology-related tips? Check out the Boss Reporting Blog to better serve your business.