What Law Firms Need to Know about Employees Working Remotely
Whether you are a Principal or Partner, it should come as no surprise that law firms are a targeted industry when it comes to cyber attacks.
The American Bar Association recently reported:
Attacks on the Rise
Law firms are the guardians of a wealth of confidential and valuable information, rendering them an ever-growing target of cyber attacks. Back in 2012, the Wall Street Journal reported, “…cyberattacks against law firms are on the rise, and that means attorneys who want to protect their clients’ secrets are having to reboot their skills to the digital age.” Jennifer Smith, “Client Secrets at Risk as Hackers Target Law Firms,” Wall St. J. Law Blog, June 25, 2012. In May 2014, New York Ethics Opinion 1019 warned attorneys about this threat, stating that, “lawyers can no longer assume that their document systems are of no interest to cyber-crooks.”
CNBC reports In 2017, data breaches cost companies an average of $3.6 million globally, according to a separate report from the Ponemon Institute.
For smaller businesses especially, that price tag could wipe out the entire firm. For a company of any size, a data breach can also cheapen a company’s brand and negatively impact their ability to do work, according to Shred-it.
LogicForce conducted a Q4, 2017 survey and found
- 48% of law firms had their data security practices audited by at least one corporate client in the past year.
- Many law firms lack cybersecurity leadership.
- Most law firms aren’t up to the task of effectively protecting their clients’ data.
- The number of corporate IT and data security audits are increasing.
The New York State Bar Association in Ethics Opinion 1019 states, “In light of these developments, it is even more important for a law firm to determine that the technology it will use to provide remote access (as well as the devices that firm lawyers will use to effect remote access), provides reasonable assurance that confidential client information will be protected. Because of the fact-specific and evolving nature of both technology and cyber risks, we cannot recommend particular steps that would constitute reasonable precautions to prevent confidential information from coming into the hands of unintended recipients, including the degree of password protection to ensure that persons who access the system are authorized, the degree of security of the devices that firm lawyers use to gain access, whether encryption is required, and the security measures the firm must use to determine whether there has been any unauthorized access to client confidential information.”
Of the attacks that occur because of unsafe remote connections, 75% stem from having weak passwords. Having an in-depth comprehensive password policy is a must for all companies; especially firms in the legal sector.
Another way to defend against these attacks is multi-factor authentication (MFA). MFA is a strategy that adds an extra layer of security by requiring a code (normally retrieved from your cell phone) to be entered along with your password for access. A strong password policy and MFA are vital but they are only part of the solution. You will need to be prepared with backups, shadow copies, and off-site disaster recovery, as well.
We have put together a Cyber Security Audit Checklist to make sure you are as cyber secure as you can be. Download it below.
Fairdinkum is your Law Firm Information Technology Service Provider and we will employ a number of measures to ensure that your data is safe with us. Each of our clients receives premium levels of service and support from our experienced and professional team of engineers.
You may want to read: