Much like healthcare organizations, law firms are often home to hundreds of thousands of files, each containing sensitive personal and situational information. The loss of this information by user error or by a cyber attack can be devastating to clients who will have to endure yet another burden.
According to the American Bar Association's 2019 Legal Tech Report, 26% of law firms experienced a security breach of some kind, up from 23% in 2017. Even more (36%) have had malware or other virus-infected software on their computers. Though many law firms have taken additional precautions to safeguard sensitive client data, there are a few additional steps your firm can take towards ensuring efficient cybersecurity.
There is no doubt that law firms are attractive targets for cyber criminals. Why is this? Altant Security identifies a few key reasons:
With so much data coming in and out, law firms can easily lose track of files being stored on their servers. Believe it or not, "misplacing" files on your server is also a cause for concern. Where did it go? Who might have access? These are significant questions that could go unanswered.
Although conducting risk assessments and security audits are almost always a good idea, if your law firm is running into issues like the one noted above, don't wait any longer. Bring it up to your IT leaders and executive team for immediate action. As the American Bar Association states, "Information security starts with an inventory and risk assessment to determine what needs to be protected and the threats that it faces." Creating a risk assessment plan and running regular audits might not completely stop a data breach, but it will ensure you are best prepared for one if it happens. It will also provide a high-level overview of the firm's current IT structure, allowing you to uncover efficiencies and locate missing data.
Emails and attachments. They go hand in hand and are often considered the most efficient way of communicating information both internally and externally with clients. Though, is it the most secure? The American Bar Association says that for the most part, an email is a secure form of communication for a law firm. Extra care should be taken when sending attachments, especially those containing sensitive personal or case-related data. So, what can you do to secure sensitive emails? Encrypt them. Most native email clients offer the ability to encrypt email with a variety of options including, password protection, download restrictions, and more. This can make data more difficult for hackers to steal in an end to end communication process.
In the American Bar Association's 2019 report on cybersecurity, they found that less than half of respondents use file encryption (44%). Though this is an improvement on the year prior, it is still "low", considering the amount of sensitive data that is sent via email daily by any given law firm.
At first, it may seem like a great idea to offer access to documents and files to all members of your firm. Though this seemingly convenient approach can also be the most difficult one to manage from a security standpoint. A more secure approach would be to grant data access only to those who require it. For example, your lawyers may require access to a folder related to court preparation. It may seem unnecessary for the office receptionist to have this same folder access.
In this case, it would be advisable to utilize programs such as Microsoft SharePoint, Google Drive, or similar to store files and create custom permissions for members of your organization. Unlimited access to files by all employees will significantly increase the chances of data being lost or compromised.
The repercussions of data loss at a law firm can be extensive. It is advisable to inform yourself and your team on these types of potential breaches and the best ways to prevent them. Some of the most common cyber attacks that occur at these types of establishments can include:
Clients are not only trusting law firms with their cases, but they are also trusting them to protect the sensitive data that they share. Law firms must take necessary precautions to prevent the loss of data whether it be internal or external. If you have not given this much thought as a partner at a firm, there is no better place to start than by getting a view of your internal landscape by conducting an initial audit with your IT team.