Law firms are notoriously slow to embrace new technology, but in today’s digital age, implementing new technology is critical in avoiding cyberattacks and protecting your firm from costly breaches. Law firms are often targets of cyberattacks due to the plethora of sensitive information to which they have access. When highly confidential information such as client materials and financial data is compromised, so is a firm’s reputation and bottom line.
Unfortunately, protecting law firms from cyberattacks has grown increasingly difficult. According to the cybersecurity firm Mandiant, “At least 80 of the 100 biggest firms in the country, by revenue, have been hacked since 2011.” This statistic is likely to grow as ransomware continues to become more sophisticated and widespread. However, there are several strategies law firms can implement to mitigate security risks:
- Create Strong Passwords: One simple way to protect company information is by enforcing strong password requirements. Passwords with eight characters including uppercase and lowercase letters, numbers and symbols are generally strong. Employees should avoid passwords that include words related to personal information such as addresses, birthdays or pet names, because these are most susceptible to attacks. Passwords should also never be ‘abc12345’ or ‘password.’ Employees should immediately update weak, shared or compromised passwords to new, robust and completely unrelated passwords. Not doing so in a timely manner can jeopardize a company’s confidential information.
- Set Screens to Auto Lock: Employees should program laptops and computers to lock automatically after a period of inactivity. This security measure ensures that devices are not accessed by unauthorized users. Once the screen locks, a password is required to access the device’s main desktop. Employees should never leave a device unattended, but if they do, auto-locking will improve overall company security.
- Download Security Software that Automatically Updates: Law firms can improve their cybersecurity by installing security software that automatically updates and provides real-time protection. Whether there are errors in the operating system or improvements to security tactics, companies want their software updates to automatically install on employee computers. Additionally, employees should conduct periodic backups using a reliable cloud storage provider in order to prevent data loss.
- Implement Full-Disk Encryption: Full-disk encryption protects sensitive information by converting the data saved on a device into an encrypted form that is difficult for unauthorized users to read. To further protect this information, employees should never access files on public computers or unsecured Wi-Fi networks. If accessing confidential information away from the office is necessary, employees should only connect through authorized, encrypted networks.
- Implement Training and Develop a Response Strategy: Within seconds, a hacker can completely wipe a law firm’s protected data. Law firms should work closely with their insurance brokers to perform vulnerability and penetration testing, effectively train employees to recognize common threats like social engineering and phishing schemes, and ensure that all cyber threats are properly analyzed and adequate coverage is in place. Brokers can also help law firms develop a response plan that employees rehearse often so that if a cyberattack occurs, it is quickly eradicated. Employees must be familiar with whom to contact, when to contact them and what type of documentation should be recorded throughout the breach.
Cybersecurity is no longer just an IT issue. Cybersecurity is relevant to every aspect of a business – especially law firms. According to the American Bar Association Journal (ABA), “91 percent of cyberattacks begin because of an employee.” Therefore, all personnel should be regularly trained on these strategies to mitigate risks in order to protect their clients, their reputation and their bottom line.