An overview of how you can improve your cybersecurity
As Director of IT, I frequently review errors as they arise in our law firm clients’ systems. Ransomware attacks and phishing schemes are on the rise, and hackers frequently target attorneys knowing they have sensitive data to steal and exploit.
According to our 2019 Cybersecurity Scorecard, only 60% of law firms meet the minimum standards of cybersecurity policies to successfully counter threats. If lawyers don’t meet cybersecurity standards, they may violate the Code of Conduct rules 1.1 and 1.6 by the American Bar Association that outline a lawyer’s duty to keep client data private. Firms risk security breaches, loss of data, loss of clients and business, and sanctions by the bar if they fail to adhere to at least the minimum level of standards.
Most of today’s successful breaches or data losses happen when:
- Devices with unencrypted data are lost
- PCs or servers have missing security patches
- Law firm staff falls prey to phishing attacks
- Hackers find and exploit vulnerabilities in a network
As professionals continue to work remotely and digital communication increases, ransomware attacks continue to rise. When a firm has had its data encrypted and held for ransom, it can take days or weeks to restore from backup, depending on the amount of data affected. If a firm decides to pay a ransom, it has no guarantee that the payment will result in returned data. Paying also positions a firm as an easy target for reinfection.
Implementing proper cybersecurity standards begins with an automated system that verifies all PCs have up-to-date patching and anti-virus software. The security requirements quickly grow more complex as more layers are needed to monitor network traffic for suspicious activity and prevent unauthorized access. Security software and hardware, training, and experienced security operators are all needed to meet the minimal levels of cybersecurity standards.
To start, below are the best policies and tools to implement at your firm:
- Password management – a computer program that allows users to store, generate, and manage their personal passwords.
- Third-party risk assessment – an analysis of vendor risk posed by an organization’s third-party relationships.
- Multi-factor authentication – an electronic authentication method that grants users access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.
- Threat monitoring – continually analyzing and evaluating data in order to identify cyberattacks.
- Full disk encryption – a cryptographic method of encrypting the entire hard drive including data, files, operating systems, and software programs.
- Annually updated cybersecurity policies – technologies and best practices evolve. Plan for an annual review of policies.
- Formal cybersecurity training – cybersecurity training programs establish safe methods to carry out a user’s daily responsibilities and heighten awareness of common practices used to gain unlawful access to systems.
- Designated security executive – a designated, credentialed security officer establishes and maintains the firm’s cybersecurity strategy.
These tools are detailed in LOGICFORCE’s Cybersecurity Scorecard and should be managed and developed by a security executive or outsourced partner that can ensure the firm stays current in the constantly changing cybersecurity landscape.
Small or large, a firm’s survival is directly tied to protecting its data. Comprehensive cybersecurity programs will not only limit the risk associated with keeping sensitive client data, but they will also act as a differentiator and create opportunities for new business.
The LOGICFORCE Difference
Many law firms have technology systems that are outdated, underperform and put firm data at risk. The best way to prevent cyberattacks is through IT optimization. For this reason, LOGICFORCE created New Style Legal IT®️, a fresh, holistic approach for law firms to leverage advancements in legal tech. New Style Legal IT®️ provides everything your law firm needs to operate at peak performance: technology systems, strategic advice and a dynamic team of legal technology experts.
Thom Haupt is the Director of IT at LOGICFORCE. With over 20 years of IT experience, Thom focuses on system design, network architecture and the adoption of new technologies and systems. He also specializes in improving cross-functional connectivity between departments at LOGICFORCE, and determines how projects impact, improve, and can be adapted to the firm’s clients.