Cyber Security Checklist for Law Firms

July 18, 2017

Technology professionals across the globe are seeing an uptick in cyber terrorism. In the past month:

  • June 24: Hackers attempted to exploit weak email passwords and breach the databases of the British Parliament.
  • May 12: The largest ransomware attack ever recorded occurred, affecting business and infrastructure in 150 countries in 72 hours, including disrupting Great Britain’s hospital network and telecom providers.

While no industry is immune to cyber hacks, data-rich law firms have been increasingly singled out as having a great return on the time spent trying to breach files. Client data, including financials or proprietary business intelligence, could yield marketable information that hackers can steal, sell, or leak.

While corporations can invest, and have invested, in cyber security teams, law firms have historically lagged behind in protecting their valuable data. This is especially true of small to mid-size firms; however, the largest law offices are certainly not prepared either – and are paying the price:

  • December 2016: Two Chinese nationals were charged with hacking the servers of two separate, but large, legal firms. While the law firms are not named in the federal charges, they are listed as providing legal counsel for Intel and Pitney Bowes. The Law dot com website surmises the two hacked firms are likely the largest and most prestigious in the United States: Weil, Gotshal & Manges and Cravath, Swaine & Moore.

Over the past ten years, law firms have migrated data from the law library to online platforms. Even solo attorneys are seeking the convenience of cloud models. However, internal systems in these law firms have not kept pace with the security threats. Mitigating this risk is a crucial challenge, according to Inside Counsel, which reported:

The vulnerabilities that this creates for corporations are law firms being a weak link in their data security posture. Security is only as strong as its weakest links, and with law firms maintaining contracts, business agreements, PHI, PII, and other intellectual property they have the same data as their corporate clients.

Law Firms and Data Protection

Obviously, it is the duty of law firms to protect their clients’ data. Pre-planning and assessment are the best place to start mitigating your data protection risks. Hackers are expert at exploiting your vulnerabilities before you are even aware of them. An Inside Counsel article stated that in 2015 it took companies an average of 204 days to even know their networks were compromised.

Many cyber terrorists utilize email phishing scams to open a back door into your firm’s data. Most law firms do not have data protection policies or training in place to prevent employee error that could include weak passwords or opening the wrong attachment.

While smaller law firms may not immediately come to mind as the hacker’s first choice, it should be noted that it’s your client roster, not the size of your firm, which matters. A recent ABA Journal article recounts the story of a hack caused by simply opening an email – in a 12-lawyer firm.

According to the American Bar Association:

  • 25% of law firms with 100-500+ employees have been breached.
  • 13-15% of law firms with 2-99 employees have been victimized.

Media attention, including social media marketing, can inadvertently alert hackers to the kinds of data available on your network, which increases your security risk. Any firm storing sensitive, confidential data electronically is at risk.

Cyber Security Must Haves for Law Firms this Year

Cyber security mechanisms to mitigate your risk are this year’s must-haves for any size law firm. Here are some of the tools you can leverage to protect your data:

  • Firewalls provide a digital layer, or wall, between you and anyone lurking outside your network.
  • Antivirus software scours your network for viruses, malware, worms or other malicious bugs and blocks or uninstalls them.
  • Intrusion-detection systems monitor behavior in the form of traffic on your network. The software gathers data, looks for suspicious activity, and alerts network administrators to the threats, allowing them to manually determine if a threat exists.
  • Security patches are increasingly important. The name aptly describes their function: they patch security vulnerabilities in your software. These patches are free from your software vendor. For firms that now use cloud computing to store their data, these patches occur regularly. For law firms using legacy on-premises software, these patches may be woefully out of date.
  • Employee education is a vital part of this process. It only takes one employee to open the wrong email and infect your network with malware.

Law firms have turned to outsourced security experts to stay on top of the ever-evolving cyber security landscape. As risks have increased, these outsourced resources, called managed service providers, are increasingly in demand for law firms of all sizes.

Get a free assessment and find out how your law firm ranks on our cyber security checklist.

Mitigating the Risks with a Managed Service Provider

A managed service provider’s first response would be an assessment of the information architecture of your firm. An understanding of firewalls, network maintenance protocols, digital forensic and maintenance processes, and IoT device applications is important to a proactive security response plan.

Managed service provider firms can serve as a solo technology team for small firms, or can complement existing teams in larger firms. Managed service providers monitor your network 24/7 with intrusion detection software so that if a breach occurs, you can respond appropriately. Most managed service providers can work with your firm to develop an incident response and business continuity plan should intrusion, natural disaster, or any other disaster occur.

Final Thoughts…

Security breaches are on the rise. A CompTIA study showed that 73% of companies have experienced a security breach in the past year. While lawyers have traditionally flown under a hacker’s radar, the sheer volume of confidential data housed in your servers has now placed a large, red target on your firm.

Cyber terrorism breaches can cause business downtime, create client liability issues, and instigate a public relations nightmare for your law firm. It’s for these reasons that cyber security should be moved up on the list of strategies for law firms this year and for the foreseeable future.

Are you ready to make cyber security a priority? Request a quote now.
