- January 23, 2020
- Posted by: Stephan Kaplan
Attorneys are ripe targets for hackers who are after their client data …
While no industry is safe from cyber-attacks, law firms are attractive targets because of their broad access to sensitive information. There are numerous instances of past security breaches at law firms, many of which had catastrophic outcomes for the firms in question (just look at the list in this post from the National Law Review).
In fact, all a hacker really needs to do is read up on a publicized breach to learn how it’s done. The information is readily available, unfortunately, and to make matters worse many law firms are vulnerable and not doing enough to protect themselves.
But while it’s not difficult for a hacker to gain entry into a vulnerable system, the good news for attorneys everywhere is that it’s also relatively easy to implement cyber security tools to become more secure.
In this post, we’re going to go over what makes law firms vulnerable to cyber attacks and what you can do to improve your law firm’s cyber security.
Why Are Law Firms Prime Targets For Cyber Attacks?
There are a few basic reasons that the legal industry is a juicy target for hackers.
The biggest reason is simple: access to information. Clients turn over their most valuable information to their lawyers, firms, practitioners, and even the judicial system, all of which hold a wide variety of datasets that hackers want. Hackers can capitalize on this important information and have hit the legal industry hard.
- In 2016, more than 11.5 million documents from the Panama-based law firm Mossack Fonseca were leaked to the public. This represented an alarming 2.6 terabytes of data. This incident, known as the Panama Papers, is the biggest data leak in history.
- In 2017, many offices at the global firm DLA Piper were shut down due to a ransomware attack, killing its short-term revenue.
- Even small firms are vulnerable to cyber-attack and massive losses.
Cyber attacks can rob a law firm of its revenue, productivity, and reputation. They are not to be taken lightly, as they can completely cripple operations.
What Makes Law Firms Especially Vulnerable to Hackers?
There are many potential reasons a law firm may not be secure.
Some firms use outdated systems and haven’t prioritized security. Others may lack security expertise and think they are safe, but aren’t. Often, law firms haven’t updated their cyber security to keep up with their growth and the volume and type of client data they use or store.
Established firms will have a large amount of sensitive client data stored together in a central location. These data storage systems weren’t designed with security in mind, and sometimes, adding modern encryption and other strategies can be difficult.
Here are a few potential reasons law firms are attractive targets for cyber attacks.
1. Attorneys are Focused on Servicing Clients
Because attorneys are so independent and singularly focused on their clients, they may not be properly focused on protections. This means their firm does not take the steps required to lock down files and applications with secure passwords. Extra steps like these slow down the process of “quick lawyering” and lawyers may compromise on security to ensure speedy, direct communications with clients.
2. Craving More Information
Hackers know that attorneys are always seeking more information, and they use it to their advantage. They know how to make an email and attachment look legitimate — a tactic known as email phishing. When the attachment is opened, the malware executes the hack behind the scenes, finding the desired data and gaining access to your network.
3. Growing Your Network
Not only do lawyers seek more information, but they are also on a constant quest to gain new clients and grow their practice. This may lead to social media networking, which is another popular access point for hackers. Even a formerly trusted social media network like LinkedIn has become a popular hacker tool, making it easy for them to extract personal information on users.
Attorneys must be careful with their connections, as well as what they post and share. Restraint is always the best policy.
Law Firm Cyber Security Spending is on the Rise
According to a study by the recruiting firm Robert Half Legal, 76 percent of surveyed lawyers planned to increase their cyber security spending in 2019. This was up from 41 percent in the 2017 version of the survey.
Lawyers expected to boost their cyber security budgets by an average of 21 percent last year, with not a single respondent saying they were going to decrease their budget. This shows that the law industry is collectively taking proactive steps to combat the growing threat of cyber attacks.
There are also growing legal concerns for the firms themselves, as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act have placed more accountability on firms to protect consumer information. Failure to do so could result in hefty fines and other liability for any firms that do not protect their clients.
As a result, law firms need to protect themselves and their clients not only against hackers but also in order to comply with government regulations.
Don’t Assume Your IT Provider Has Cyber Security Covered
Here’s a rather alarming fact: Your IT Managed Service Provider (MSP) may not be covering your law firm’s cyber security.
Many firms think that their IT provider has policies, procedures, systems, and cyber security tools in place to prevent these kinds of hacks, but this isn’t necessarily true. It’s never safe to assume that you’re covered, but many firms make this mistake.
Consider this: If your IT provider does not have the proper cybersecurity protections in place, the provider itself can be hacked. This exposes your client data to theft and to the deployment of ransomware.
A firm may entrust its IT security to a managed services provider, but may not even know whether or not it is secure. Make sure your IT provider is equipped to address the evolving security risks and threats to the sensitive law firm network. If not, remember that it is your liability to protect your client data. A provider saying that it handles security is not enough: such claims in the sales process do not hold up to scrutiny, and will not hold up against hackers or other attacks.
Fortunately, entrusting your IT provider isn’t the only solution. Not by a long shot.
What You Can Do To Improve Your Law Firm’s Cyber Security
Some potential solutions might seem apparent and simple, while others will be more complex.
For some firms, it can be as easy as setting a password for guest networks if they are doing everything else in a “best in class” cyber security maturity model. Others may need full-scale cyber security to be implemented at their firm. Others still may need to be prepped on how to lock down their servers and databases, not to mention their personal devices for work matters.
GoldSky Cyber Security Solutions offers a legal security program that is perfect for small to midsize practices. GoldSky’s legal security program is specifically designed as an affordable and effective option for practices to stay secure while also being compliant with state and federal mandates.