Research shows that most law firms are confident about their cybersecurity — but are they really as safe as they believe?
Cybersecurity and Your Law Firm
The legal sector is facing truly challenging opponents outside of the courtroom — cyber criminals.
The stakes have never been higher.
These rising threats are why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.
“[…] cybersecurity practices at law firms are generally not very strong,” says Eli Wald, author of Legal Ethics’ Next Frontier. “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”
Why Are Law Firms Targets For Cybercriminals?
The short answer is that law firms store lots of private data about their clients. “Law firms present a tempting target for cyber crime,” says Jason Rorie, CEO of MSP Overwatch. “Their servers hold incredibly valuable personal information.”
“Cybercriminals tend to focus on targets that are rich in personal or financial data,” adds Rorie. “They gain access to the data through ransomware or a breach, then sell it on the Dark Web to other criminals who use it in a number of ways.”
Stolen private data is used for everything from voter fraud to opening credit accounts. This activity often happens months after the initial theft of the data.
How Are Legal Firms Addressing Cybersecurity?
Recently, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach. Cybercrime is only expected to grow from here, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023. According to a recent study by the American Bar Association (ABA):
- 75% of firms are using some anti-virus software.
- 58% of responding firms are using a firewall or anti-phishing software.
- 33% of firms are using email encryption software.
- 25% are using device encryption software.
- 17% of law firms have some directory security in place.
- 25% of firms train their staff on cybersecurity best practices.
5 Ways to Improve Your Cybersecurity Posture
1. Two-Factor Authentication
Two-Factor Authentication is the current standard for adding an extra layer of protection to existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards. Complete security usually demands multiple authentication methods: something you know (like a password), something you have (like your phone for 2FA), and something you are (like a fingerprint or other biometric).
2. Data Encryption
Encrypted data is formatted using a key, storing or transmitting it in such a way that it would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only take place with the correct key.
3. Access Monitoring
In addition to encryption, the client data you store should be protected from unauthorized access:
- A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Intrusion Detection. One of the only surefire ways to protect your network and data is to actively watch over it. A Security Operations Center (SOC) can monitor your network traffic around the clock and respond to any intrusion attempts in real time.
- Length and Complexity. The easier it is for you to remember a password, the easier it’ll be for a hacker to crack.
- Personal Information. Password recovery systems use personal details to verify a user’s identity — unfortunately, with widespread use of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
- Numbers, Case, and Symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
- Avoid Patterns and Sequences. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
5. Avoid Dangerous Emails
Always exercise caution when it comes to clicking on a link or downloading an attachment. Be careful even if the email seems to be coming from a known source or even from within your organization as email addresses are often spoofed:
- Be wary of links and attachments in email messages. They may contain malware that can infect your computer.
- Confirm the real sender of the message. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors or lookalike domains like “firstname.lastname@example.org”.
- Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, phishing is likely.
Cybersecurity is as complex as it is essential. Most law firms don’t have the resources (or the desire) to handle everything on their own. A knowledgeable IT services company can make all the difference. An IT provider with a proven track record of cybersecurity success can help you develop a cybersecurity plan capable of defending your law firm and your clients against hackers.
For more information, call mPowered IT at 678–389–6200 or visit mpoweredit.com.