As of this year, there are nearly half a million law firms in the U.S., and the industry continues to grow. However, these law firms are also experiencing an unwelcome growth in the form of cyberattacks: The American Bar Association (ABA) found that 29% of law firms reported a security breach last year. Law firms remain a prime target for devastating attacks, from phishing to business email compromise scams to ransomware and malware.
You may recall the 2017 attack against one of the largest law firms in the world, DLA Piper. A ransomware attack infected hundreds of thousands of its computers. This summer, the firm Campbell Conroy & O’Neil, which represents Fortune 500 and Global 500 companies in more than half of its cases, reported a ransomware attack on a system that included confidential client information like passport numbers and biometric data.
What’s the allure? Law firms are an attractive target for attackers for several reasons. Firms house valuable data and many lack the technology resources, planning, and attention to protect this critical information. Lawyers are busy people and bad computer habits can be hard to break. And, because firms are required to protect their critical client data, they may be seen as more willing to pay a ransom for it. In short, many law firms are simply ill-prepared to thwart today’s sophisticated and relentless cyberattacks.
The good news is you can take steps to better protect your data. Here, we present three practical solutions to boost the security at your law firm, including encryption, multi-factor authentication, and data backup and recovery.
Encrypt Your Data (All of It)
Lawyers and law firm staff rely on copious emails and document sharing to run their firms. As this information travels across the internet, it can be intercepted. Law firm staff are also not immune to the remote workplace transformation of the pandemic, which puts critical data at risk from compromised home devices, networks, collaboration tools, and bad practices.
Encrypting data makes it harder for attackers to read sensitive information, even if they intercept it. Essentially, data encryption is the process of “translating” your data into a code that requires a key or password to access it. There are many tools available for easy, seamless encryption of all of your data, whether in emails, hard drives, the cloud, or applications, both in transit and at rest. Yet fewer than half of firms use file encryption, according to the ABA!
For example, using a virtual private network (VPN) can encrypt data in a cost-effective and reliable way, creating a protected "tunnel" between your computer and the internet. This provides a protected and private connection even when people are connected to public or home internet. For remote workers especially, make sure a VPN is in place on all devices, including tablets and mobile devices, and when using mobile devices as a hotspot.
Employ Multi-Factor Authentication (and a Password Manager!)
Another best practice is to employ multi-factor authentication (MFA) at your law firm. MFA is a simple yet effective way to improve your security posture, as it requires users to provide a secondary form of identification in addition to their password. This is especially important because lawyers, like the rest of us, are prone to bad password practices that increase the chance of intrusion, such as weak and reused passwords. As with data encryption, the ABA reports that fewer than half of firms employ two-factor or multi-factor authentication!
And, remember, there is added strength in coupling the right security measures. For example, implementing MFA in conjunction with a password management tool (a simple solution for remembering passwords and creating stronger ones) can be an incredibly powerful yet cost-effective way to prevent intrusions. For more, here are four benefits of using a password manager for your firm.
Do you have a backup and recovery plan in place?
What happens if an attack or breach does occur? Do you have a plan in place to prevent data loss and ensure that your firm can continue operations without interruption? According to the ABA, fewer than one-third of firms employ a device recovery security tool! A robust backup and recovery solution is also a key defense against ransomware: if you retain up-to-date access to your data, you may avoid the need to pay a hefty ransom to retrieve it.
In an earlier post, we covered some key steps to get started with backup and recovery, which include:
Identify Critical Functions and Infrastructure: Take stock of your technology functions and create a list of the tools, platforms, processes, and infrastructure that are critical to your law firm.
Create an Emergency Contact List: Just as HR keeps up-to-date records of employee contact information, so should your firm or technology team.
Prepare for Disaster: The best way to recover from a disaster is to prepare for one. Proactivity is protection! What are the most likely threats to your IT environment? As you catalog these risks, consider what steps can be taken now to prevent or limit outages in these scenarios.
The legal industry, as with others, is making incremental progress toward improved cybersecurity. But there’s more to do. A good place to start is with the three measures presented here: data encryption, multi-factor authentication, and data backup and recovery. Beyond this, the experts at N8 Solutions are well versed in the unique needs of law firms of all sizes, and we’re here to help you. This includes training your entire team on the most pervasive threats and what to do if they suspect something is awry. After all, we’re only as protected as our people are.
Please get in touch with our experts today for a free consultation!