The sensitive data held by law firms makes them ideal targets for cybercriminals. Data breaches are not always the result of sophisticated plots carried out by genius criminals hacking firewalls and servers as shown on TV. They are often the result of low-tech cybercriminals sending out phishing emails containing store-bought exploits or well-worded messages convincing recipients to do something they should not.
Because of lawyers’ ethical and legal duties to safeguard client data, understanding cybersecurity risks and how to handle them is imperative. ABA Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack,” requires lawyers to protect confidential data and respond appropriately in the event of a data breach. Duties outlined in the opinion include the obligation to monitor for a breach, the duty to stop a breach and restore systems, and the duty to assess what happened.
One of the most effective ways to meet these requirements is by developing and implementing an incident response plan. Incident response plans are a set of instructions that help attorneys and IT staff detect, react to and recover from security incidents. In the event of a breach, law firms must act immediately and work to recoup systems and data. Consider the key components of an incident response plan below to better prepare your firm for each phase of a potential breach: detection, response, and recovery.
Engage advanced detection tools
Develop a proactive detection strategy using tools that can regularly and automatically scan physical hardware, software systems, and servers for vulnerabilities. Monitor digital environments through firewalls, intrusion prevention systems and data loss prevention software.
Two types of tests that should be completed regularly are vulnerability and penetration testing. Vulnerability testing involves scanning all networked devices for potential vulnerabilities, which I recommend running as often as once a week. Penetration testing examines perimeter defenses and actively seeks out weak security settings. This should be done on an annual basis.
Control the breach
Keep an outline of network and data recovery processes ready to execute at a moment’s notice. Firms should be able to immediately contain and lock down systems, networks and data sources to isolate the breach. Determine if any data has been compromised and what kind. Law firms have an expansive amount of data generated every day, but protecting client data should be prioritized. It’s critical to regularly back up data, but just having a local copy is not always enough. An offsite replica of your backup will prevent it from being compromised in the event of a breach and may allow you to recover faster.
Firms may also need to replace infected hardware or software if a breach is detected. Budget and plan for swift replacements to minimize downtime.
Organize and delegate employee roles
Develop a list of roles for each firm member in the event of a breach. It’s imperative to ensure each person understands his or her role and is ready to act quickly to support problem solving. Map the incident response as a workflow and provide firm members with key contact info and clear instructions for communication.
Communicate the incident appropriately
Incident response plans must include a communications strategy that clearly outlines the security precautions taken and technologies used at your firm. This strategy should detail how both internal and external crisis communication will be handled if disruption occurs. It is also important to provide your team with guidelines on how to inform and update clients on the status of the disruption. Be mindful of cybersecurity incident reporting requirements imposed by federal and state governments, insurance companies and individual clients.
Analyze and learn
Keep a record of everything that happened, how it was handled and the successes and gaps of all efforts. Discuss the incident with the entire firm and use it as a learning opportunity to stay prepared for the future. After analyzing and gaining a full understanding of the entire incident, make necessary adjustments to cybersecurity and IT training policies to help prevent future occurrences.
Security breaches can be crippling for law firms if not handled properly. Detailed, comprehensive incident response plans will significantly help mitigate the damage of cybersecurity attacks – including saving time, money, and your firm’s reputation.
Gulam Zade is the CEO of LOGICFORCE, a legal technology consultancy that serves law firms across the country.
Reprinted with permission from the 6/1/21 issue of Mid-Market Report. © 2021 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.
Read the original article here: https://www.law.com/mid-market-report/2021/06/01/ensure-your-law-firms-incident-response-plan-covers-these-areas/