fbpx

Cyber Security Should Be A Top Priority for All Law Firms

Published June 22, 2017

Cyber Security Should Be A Top Priority for All Law Firms

Cyber Security Should Be A Top Priority for All Law Firms

Law firms are integrating more technology in the workplace to manage legal files and client data. Legal software replaces more expensive outsourced costs and offers more streamlined benefits, such as:

  • Easy file access & remote access
  • Document sharing with peers
  • Team collaboration in real time
  • Easier storage & less paper

This greater dependence on technology means law firms are storing massive amounts of sensitive client data on their devices. But, many law firms don’t understand the IT security they need to protect their client data. Few have made the necessary changes to their IT security. These massive hubs of vulnerable data attract dangerous cyber criminals and pose a threat to law firms and their clients.

Here’s why cyber security should be a top priority for all law firms:

Most law firms have little to no IT security

33% of all US law firms have not assessed their company’s IT security needs or trained their employees on cyber security best practices.

This leaves a tremendous amount of client information exposed to cyber criminals. Studies show cyber criminals have hacked 80 of the top 100 highest revenue producing firms since 2011.

But the big law firms are not the only ones being targeted. About 15% of small to medium sized law firms are attacked every year. And they’re getting hit with more than email spam and basic phishing schemes.

Take ransomware, for instance (like the recent WannaCry cyber attack).

Ransomware is malware that holds data hostage until you pay the cyber criminals. It’s one of the most common threats to a law firm’s IT security. A cyber criminal could demand a high ransom for the confidential client information all law firms hold.

Law firms’ lack of IT security isn’t going unnoticed

Clients have recognized the high threat to their information and have put pressure on law firms. For example, Wall Street banks are now demanding law firms demonstrate their systems can fend off against cyber attacks as a provision.

Law firms store terabytes of sensitive client information

Law firms are gold mines for cyber criminals. They store confidential information about legal cases and personal client information on their servers, such as:

  • Personal email
  • Business health
  • Intellectual property
  • Credit card info & PIN numbers
  • Medical records
  • Social Security numbers & other PII

Firms of all sizes carry this information for their cases. Cyber criminals can use credit card info and PIN numbers to steal money out of a client’s bank account. They can sell information for insider trading if they know about business health. They could spear phish an entire firm if they know a personal email address. The list of potential threats only grows from here.

Law firms are being targeted by well-funded, organized crime

Law firms aren’t being targeted by your average blackhat hacker working out of a basement. Because law firms carry valuable company information, they attract more audacious criminals.

High-profile groups of blackhat hackers are targeting law firms, and these cyber criminals have their eyes set on big heists. The groups are highly sophisticated cyber cartels looking to steal information from many clients all in one swoop.

The size and expertise of these cyber cartels span the globe. Some of the groups work out of foreign countries that have competing industries. On this scale, they have even more incentive to hold the client information for ransom or auction it off to the highest bidding competitor.

Law firms aware of the risks are slow to improve IT security

In 2012, the FBI held a conference on cyber security for 200 of the largest law firms. They informed the audience that their firms were big targets of many cyber criminals.

Unfortunately, the cyber security standards within law firms have not changed much since then. In some cases, the law firms’ IT protection is worse.

The main reason for the lack of IT security progression is decision makers and senior partners don’t understand the importance of cyber security measures. They may see data encryption, two-factor authentication, or firewalls as getting in the way of day-to-day tasks.

In addition to the lack of urgency, many firms lack structure. The executive boards and IT departments work separately and have different goals and priorities.

If you’re reading this, though, you have the chance to change that for your law firm. Next, let’s discuss where you should start improving IT security so you can protect your clients’ data.

Law firms should start with these 6 IT security measures:

  1. Cyber security assessment & training for employees
  2. Patching computer systems with support from the manufacturer
  3. Taking inventory of data & encrypting storage centers
  4. Validating all accounts belong to active employees
  5. Secure password policies & password vaults
  6. Established data backup & recovery plans

Managed IT Security Services Protect Law Firms & Their Clients

Law firms without IT security services, training, and procedures in place for IT breaches are not exercising their due diligence in protecting their clients. Legal and ethical protection of your clients is not enough unless you are also securing their data.

Firms adopting more technology and looking to save on the technology costs will find a win-win scenario with a managed IT security provider. An MSSP would implement and monitor antiviruses, firewalls, and other protective systems to fend off cyber criminals’ attempts to jeopardize your firm and your clients’ company information.

blank
Matthew Tucker
matthew@pegtec.com

As CEO of Pegasus Technologies, LLC, Matthew Tucker brings a rare combination of leadership attributes, technical expertise, and experience in the Information Technology industry. Matthew Tucker is responsible for the annual operating business plan as well as strategic direction. His strong commitment to the company’s growth is evident in his personal involvement with developing the current management team, as well as building the future leadership. Matthew Tucker works closely with the Executive staff to develop and monitor policies and procedures for ensuring the growth and stability of the company. Matthew Tucker’s passion for the company and staff is reflected in his continued efforts to ensure the company culture reflects its key values: personal growth, available management, and recognition of accomplishments.