Law firms make a particularly attractive target for cybercriminals. They store confidential and highly sensitive data for numerous clients. And, as part of the supply chain, they represent a possible access path into the networks of their more secure clients. Thus, cyber security for law firms proves critical.
Consider the value hackers would place on trade secrets or merger and acquisition details held by a business law firm, for example. Or contemplate the damage caused when bad actors gain access to compromising information on public figures. In fact, a ransomware gang in 2020 demanded a $42 million ransom for information they stole from a celebrity law firm.
Not only do law firms have both an ethical and a regulatory responsibility to protect their clients’ data, but data breaches can prove costly in multiple ways. Unfortunately, surveys indicate that law firms often employ less than adequate cyber security measures in an increasingly dangerous digital environment.
The American Bar Association Model Rules specify that lawyers use “competent and reasonable measures” to protect client data when using technology. They also require that attorneys communicate with clients about the use of technology and obtain informed consent. And they mandate that attorneys supervise both staff and service providers to ensure security compliance.
Competent and reasonable efforts, for example, include implementing basic cyber security best practices such as encryption and endpoint protection. They also include conducting periodic risk assessments to ensure supply chain cyber security. And according to a 2018 formal opinion from the ABA, they include notifying clients when a breach occurs.
In addition to ABA rules, law firms must also comply with regulatory and contractual requirements. For instance, any attorney associated with a health care provider must comply with HIPAA regulations mandating the protection of personal health information from inadvertent disclosure.
Likewise, clients demonstrate an increased focus on data security. Consequently, contracts now frequently include clauses mandating third-party security assessments and implementation of other security measures.
While ransom demands have risen to staggering heights, the consequences of law firm data breaches extend beyond possible ransoms. For example, in 2016 the law firm Moses Afonso Ryan Ltd. suffered a ransomware attack that locked down crucial files for three months. That meant the firm could not access important financial information or bill clients.
Other costs of a data breach include legal fines incurred, as well as the loss of billable hours. The firm may need to replace hardware or software and pay to upgrade security tools and repair damage. More difficult to quantify, but arguably more costly, is the damage to the firm’s reputation and the loss of client and public trust.
The ABA technology surveys show that more than one out of every four practices have already experienced a data breach. Common cyber threats faced by law firms include phishing attacks, ransomware, sensitive data leaks, cyber security malpractice allegations and attacks on remote devices.
To counter these threats, law firms must regularly revisit their security strategies. Critical basic cyber security best practices for law firms include the following:
The legal cyber security consultants at eMazzanti Technologies understand the challenges law firms face. Beginning with a risk assessment, they will help your firm build a security strategy tailored to your needs and budget.