Most Law Firms’ Cybersecurity Not Up To Par As Risk Grows
Most law firms are underprepared for cybersecurity threats, despite a sharp spike in cyberattacks against the industry in 2017, according to a new report from information technology consulting firm LogicForce.
The report, released Monday, said about one in five small to medium firms were hit by a cyberattack last year, up from fewer than one in 10 the year before. However, 76 percent of firms this size do not have a dedicated person to monitor event logs for firm devices in order to detect attacks and most don’t have a response plan for a breach, the report found.
And law firms are particularly resistant to hiring a dedicated information security officer, the report said.
“We believe their reluctance to invest in this mission critical resource is primarily due to the expense control provisions most law firms have implemented over time,” the report said. “This is a risky proposition, and we predict law firms will continue to be a focal target of cybercriminals.”
The report comes at a time when the American Bar Association is increasing its recommended requirements regarding how firms safeguard digital information and respond to cyberattacks. In recent years, cyberattacks on law firms have continued, with both large and small firms affected.
The LogicForce report did find that most firms do take some security precautions — 99 percent have a password management system, and 88 percent conduct penetration testing to assess their system for potential vulnerabilities.
However, fewer than half of firms use tougher measures such as multifactor authentication, in which users must use multiple methods to prove their identity, according to the report. Even fewer use an information security operations center to monitor for attacks, the report said.
And only about 45 percent even have an established and documented cybersecurity policy, the report added.
The report recommends that firms implement tougher security features, such as multifactor authentication, data loss protection systems and encryption, and that they also conduct regular testing and monitoring to ensure that data is secure and that the firms’ security measures are working.
The report is based on survey information from IT professionals working for both small and medium-sized firms.