Law firms hold the keys to many, many kingdoms. Take a moment to think about the personal data you hold for your clients. Say you have a database of 2,000 clients. What is a bigger payday for a cyber criminal…trying to hack into 2,000 different individuals/businesses systems or to gain access to your company? Of course, gaining access to the records your company holds is much less labor intensive. This is why law firms are among the top targets for cyber attacks in 2020.
There is a belief that smaller law firms need not worry about security, but this could not be further from the truth. The size of your law firm does not lessen the risk of being targeted for a cyber attack.
The good news is there are things you can do to protect your law firm.
Employee Hygiene. The truth is our employees are our greatest asset, but they are also our largest potential liability. It is extremely important to have in person monthly or quarterly cyber security training for all staff members. Part of the training should include coordinated phishing email to staff members to see if any team members open potentially harmful emails.
Controlling Remote Access. Control exactly who can work remotely. Ensure remote access is needed and take proactive steps to increase security. Ensure your IT provider has set up a secure VPN (Virtual Private Network) which will allow all team members to connect remotely in a more security manner.
Password Management and Multi-Factor Authentication. Password management is key to protect your law firm from cyber threats. Given the opportunity, many of our employees will reuse the same password over and over. Putting a password policy and administration program in place will mandate password changes and structure to protect your organization. Additionally, multi-factor authentication is another layer of security to protect your organization. In an attack, they would need both the username/password and the persons phone to access systems.
Practice Secure File Sharing. Inside and outside your law firm there is going to be a lot of file sharing. This is one area where firming up security is absolutely one of the most important things that you do. Some small law practices have been found to be utilizing consumer grade file sharing applications. Why is that? They are inexpensive and easy to use. Law firms must use enterprise level file sharing services to protect their clients' confidential data. A clear, well-defined file sharing policy is a must for law firms big and small.
Creating a Cyber Attack Response Plan. Every law firm needs to have a well thought out and written incident response plan. Law firms are the back door for a cyber criminal's big payday. Look at exactly what your cyber security policies are, and what are your best practices? How are you educating your team members? What processes do you have in place to protect the data? What specifically will you do if the data is breached?
This is a good starting point to putting the layers of security needed into place to protect your law firm. As we head into the future, the only thing we know for sure is that a strong security plan is needed for every law firm big or small.
Jeri Morgan is the owner of Code Blue Computing, a Denver-based cyber security and IT services firm that specializes in supporting law firms. She is co-author of the 2019 best-selling book “Hack Proof Your Business,” as well as the book “Adapt and Overcome,” scheduled to be released in late 2020. She advises law firms throughout Colorado on cyber security best practices as well as how to utilize technology to increase productivity and profitability in their organizations. Her IT firm Code Blue Computing was named the 2012 Small Business of the Year by the City of Thornton and the 2014 Emerging Business of the Year by The Broomfield Chamber of Commerce.