What Law Firms Need to Know about Cyber Security
Cyber crime is a very real threat to the legal industry. One in five law firms reported an attack in 2017. In a survey conducted by ABA Legal Technology, 22% of lawyers reported their firm had incurred a data breach, up from 14% in prior years.
Cyber attacks have become a daily occurrence and organizations both large and small have become victims. The National Law Review pointed out that companies such as Uber, Verizon, and Yahoo have had big breaches in the last year. Small law firms must not believe they are too small to be targeted, as attacks are so numerous in the legal field.
One of the main reasons hackers have zeroed in on law firms is the “it won’t happen to us” mentality. Hackers are aware law firms have access to valuable data and don’t necessarily have the highest security in place, making them easy targets for attacks.
A security breach is not just an inconvenience, either; it can be costly. For law firms, a breach in security carries major consequences. Firms have a responsibility to uphold client confidentiality and protect client data under Rule 1.6 Confidentiality of Information. Client confidentiality extends to all relevant tech devices, including mobile devices, as stated in Article 1.1 Comment 8 on Maintaining Competence of the American Bar Association. Loss of reputation, billable hours, files and monetary damages are a few of the issues firms have encountered after an attack. It’s now more important than ever for law firms to take precautions, for both ethical and financial reasons, in order to prevent a breach.
What Law Firms Can Do about Cyber Security
Cyber security is needed now more than ever. One of the ways law firms can protect their confidential client data is by finding a technology partner. Technology partners are the experts on the newest threats and how to prevent them.
Cyber insurance is another safeguard many firms have implemented. Current general liability insurance and malpractice policies do not cover a breach in security, thus making cyber insurance a small but growing need for firms.
Having policies in place and frequent employee training are recommended. If employees are equipped to spot potential security threats before they occur, this minimizes the firm’s risk. One in four respondents to the tech survey claimed they didn’t know about their firms’ policies and procedures around cyber security. The ABA recommends having a formalized structure that incorporates people, policies, procedures, and technology. A firm should have a security plan in place rather than one-off policies around technology.
Encourage employees to make strong passwords and use an app to manage them. Two-factor authentication is key. Two-factor authentication uses a password plus a code sent to a mobile device or Google Authenticator. This double authentication puts up another barrier a hacker must bypass to obtain client information.
Encryption protects data in storage and any data transmitted over networks. Encryption is a basic level of protection and should be widely used on all devices. Full drive encryption is strongly advised. Full drive encryption ensures data can be read only with a password or other access credential.
Email is the most common entry point for hackers. 90% of cyber breaches occur because of a phishing scam. A spam filter is a simple line of defense against phishing emails. The best thing for lawyers to do if they have clicked on a phishing email is to change passwords and apply two-factor authentication, suggests Law Technology Today in a recent article.
Law firms need to take note of data breaches happening on a regular basis in the news. Any firm, large or small, is vulnerable to a cyber attack. By engaging a technology partner and having a technology program, law firms can keep up-to-date with top threats and defend against them. Making minor changes, such as using two-factor authentication and encrypting all devices, is a step in the right direction. The biggest way law firms can prevent cyber attacks and protect client confidentiality is by being informed and constantly aware.