Law firms are susceptible to various types of cyber attacks. From 2016-2017, 2/3 of law firms surveyed reported targeted cyber attacks. Attacks ranged from phishing (3rd parties using trickery to steal usernames, passwords, and credit card numbers) to Bitlocker scams (attacking the Windows optional encryption feature). If you're looking for five easy ways to make your law firm's client data more secure, then you'll want to continue reading below.
The first line of cyber defense is to create a cybersecurity policy and follow it. This may sound basic; however, according to TechRepublic.com, 95% of respondents to a recent survey of law firms did not follow their cybersecurity policy, and 50% hadn't even developed a coordinated response in the event of a breach. Also, none of the survey participants met their clients' cybersecurity standards. Successful cyber attacks may gain access to sensitive information through emails and private documents. A 2016 case showed that law firm cyber insecurity provided hackers access to information that resulted in $4 million in insider trading securities fraud.
Use anti-virus software. This is another essential tool but part of your first line of defense against hackers and malware. Your cybersecurity policy and training should also insist that employees do not "click" on suspicious links or open emails with attachments from unknown parties. Some businesses have gone so far as to no longer accept emails with attachments but instead require document access through links to secure servers.
Have backups to all information stored on 3rd party servers. Redundancy is preventative. With backup available now in the cloud, it only makes sense to have backups of sensitive network documents stored on 3rd party servers, tasked with keeping up with the latest in cybersecurity as their business model. That leaves your legal staff free to do what they do best - practice law.
Follow best practices in technology. After ensuring that your firm follows the above necessary steps, here are five additional technology tools you can use.
- Store and secure client information. Different size law firms handle cybersecurity technology in different ways. Smaller firms store sensitive data in cloud services like Google Drive. Larger and more secure firms use network passwords that require at least 20 characters and a two-level authentication process for accessing the system.
- Outsourcing cyber risk - Software as a Service. Smaller firms, in particular, are beginning to outsource cybersecurity protection to 3rd party vendors of Software as a Service (SaaS) in the cloud. SaaS provides affordable ways to protect client data. One example is a browser service that permits law firm employees to browse on 3rd party servers. This eliminates the risk of malware infecting the law firm's servers and prevents your firm from losing data. One company providing such browser services is Authentic8 Silo. Once an employee completes a browsing session, the browser service deletes all cookies/trackers to eliminate any record of the browser session.
- Use a password manager. Using technology comes with its shortcomings and employees are often a firm's greatest weakness. Using a password manager not only helps your business create stronger passwords than your employees ("password123" is not acceptable), it also shares them safely, and stores them securely.
- Use artificial intelligence. No, you do not have to invest in robots. You can, however, invest in software like iManage Extract. Artificial intelligence software reads your unstructured documents, so your legal staff doesn't have to, freeing them to do what they do best: practice law. Unstructured documents refer to word processor documents, files, images, audio, video, email messages, web pages, and metadata. iManage Extract software reads the documents, pulls out the important information and then stores that information safely in the cloud. The added benefit to using artificial intelligence is that the process is digital which means there are fewer hard copies to get lost or end up in the wrong hands.
- Safe digital signatures. Software like DocuSign provides audit trails, financial industry-level encryption, sealed authentication certificates resistant to tampering, and multi-level authentication. It is the safest way to verified digital signatures and, so far, the software has shown itself impervious to hacking.
One of the easiest ways to improve the security of your network is to have us provide you with a network security assessment. We can show you your firm's security risks and how to strengthen your security of your clients' sensitive information.
To learn more about protecting your firm's sensitive client data, read Lexology.com's August 2018 article entitled "Common Types of Encryption: What Lawyers Need to Know."
You may also want to read TechRepublic.com's article entitled "How Law Firms are Protecting Client Data from Cyber Threats" which was the inspiration for this post.
We look forward to helping you strengthen your internet security. Please contact us today to set up a network security assessment.