Law firms have recently been targeted by hackers as gold mines. The information stored at law firms can be used to create fake IDs, to attain personal information about clients, and used to manipulate the stock market. Remember when Chinese hackers “were ordered to pay $8.9 million in fines and penalties for hacking into two law firms and stealing information on upcoming mergers and acquisitions and then leveraging the information to trade stocks.” These security breaches are hitting solo firms, as well as the larger 100+ employee corporations.

Law offices find out about the cyberattacks, and in some cases, are warned by the FBI. Last year the FBI sent out a notification, Alert Number 160304-001, titled “’Criminal-Seeking-Hacker’ Requests Network Breach for Insider Trading Operation” to let industries see how easy it can be to gain the services of a hacker or hacker group. Law offices should look into managed security services to help locate weaknesses in their infrastructure.

Risk Analysis

Law firms are responsible for the data they accrue, and that data must be safeguarded by all reasonable means. According to the ABA, risk assessments need to consider a) the sensitivity of the information and b) the likelihood of disclosure if additional safeguards are not employed. When a law firm considers safeguarding client data, they must keep in mind:

• Costs related to the implementation of additional security;
• How difficult it would be to implement the additional security;
• Whether additional security options hinder the attorney’s ability to work with his clientele.

The 2016 Legal Technology Survey reported “that about 14% of respondents overall reported that their firms had experienced a security breach at some point.” A security breach does not include spyware or viruses. The number is much higher (45%) when all types of cyberattacks are calculated into the equation. Only 10% of law firms reported the unauthorized access to law enforcement. Larger companies can get hit with malware attacks hundreds of times a day. It is a constant barrage against internal networks. In some cases, the attacks can act as a distraction so the hackers can try to infiltrate the network with a small ransomware attack. If a risk analysis shows your firm cannot successfully meet all the criteria of the ABA in securing your network, then it is time to look toward managed security services for help.

In-House Policies

Programs and policies need to be set up to make employees aware of the threats cyberattacks can have on the firm. According to the survey:

• 56% of firms keep documentation for employees to review
• 49% have a policy in place regarding email usage
• 41% have policies in place for proper internet and computer usage
• 34% have policies outlining social media parameters in the work place

A staggering 21% of firms do not have any policies in place when it comes to technology usage in the workplace, and 7% of those surveyed do not know if there are policies in place. In other words, 28% of firms either have no policies or do not actively show policies to employees. Proper security methods cannot be implemented if policies are non-existent or employees are unaware they exist. Learn more about how in-house policies can help your law firm:

TOSS has experts that can help you provide the right policies for your firm.

Cyber Insurance

Do you have cyber insurance? Did you know there was such a thing? Yes, law firms can purchase cyber insurance to help with cyber fraud, but in many cases the insurance does not cover breaches. Only 17% of law firms are actively utilizing cyber insurance, (which is better than the 11% in 2015) because many do not know it exists. It may not cover against breaches directly, but it can help with productivity and legal expenses if the need arises. A good cloud provider, such as TOSS C3, can help your firm meet security standards, such as ISO, NIST and CIS. Meeting these guidelines can help with insurance claims, state law requirements, or legal issues. Learn more about network security download the white paper: Small Business Networking

Added Security

Authentication is a must for mobile devices. In fact, any technological devices that need to connect to the firm from an outside source will use some kind of authentication protocol to gain access to your network. These authentications are great for security, but they are just the first line of defense in protecting your network from cyber criminals. Encryption helps tremendously, and there are several different types. Make sure to get the best you can find, and make sure it works for all your mobile needs. Basic tools like spam filters, firewalls, and anti-virus software can help to up your security level. They are simple tools, but they do provide another needed layer of security.

Disaster recovery can help in so many ways. It may not stop your data from disappearing, but it will ensure you have a secure backup.

Managed security services do not have to be handled in-house. TOSS C3 is a reputable name in the world of cloud computing and is familiar with the needs specific to law practices. Security is more than making sure no one gains access to your data. Proper network security provides a safe environment for law firms, their employees, and their clients.  Contact us for more information on how TOSS C3 can help with all your security needs:
Request a quote now.