TheSoftwareConsultant | Thursday, September 13, 2018
Feature specially written for blog.thesoftwareconsultant.com
Feature by: Jean Brandrick
Last July, personal security website ASecureLife ranked Nevada as the riskiest state for security theft and it’s not hard to see why. Nevada is known for gambling and spending extreme amounts of money – two very attractive activities for identity thieves and hackers. Apparently, not everything that happens in Vegas stays in Vegas.
Aside from individual accounts, law firms are also frequent targets of cyber-criminals. 60% of US law firms reported data breaches in 2016. Hacking attempts have also been reported on 200 US law firms in 2016 and 2017. 40% of the companies were not even aware that their data had been compromised.
Despite this, Security Intelligence notes that there is a low regard for cybersecurity among many law firms. It’s a disturbing fact considering the extremely confidential nature of the info that they have. Vulnerable information includes privileged attorney-client information, trade secrets, mergers and acquisition details, and approaches to litigation, among many others.
The threats are also very real and must not be taken lightly. The Snowden whistleblowing incident revealed that the US and UK governments are spying on everything, and that includes attorney-client conversations. Given that law enforcement has the power to disregard attorney-client privilege, safeguarding this privilege should every firm’s top priority.
Needless to say, a single cybersecurity breach can cripple a law firm. Thankfully, there are numerous ways to safeguard your client’s data.
Develop a habit of online hygiene
Cybersecurity should be regarded first as a personal habit. All personnel should know how to make strong passwords, use a VPN, or browse anonymously. These personal cybersecurity practices should be part of all law firms’ basic orientation and training.
Hire a cybersecurity expert
As people become increasingly dependent on technology in conducting businesses, the need for cybersecurity experts becomes more urgent. A dedicated cybersecurity expert is aware of every trick of the trade, and is aware of all the possible vulnerabilities. These experts are generally well-versed in business processes and data management. While pursuing their chosen field, Maryville University specifies that cybersecurity students even use ‘virtual training grounds’. They’re trained to solve issues in every conceivable real-life scenario with regards to software and hardware security. The knowledge and skills they gain from these experiences are crucial in making a law firm hack-proof.
Develop a solid cybersecurity plan
Law firms have special needs and characteristics, so draft a cybersecurity plan that suits the company’s size, personnel make-up, budget, etc. Access controls should be given only to privileged employees, and systems should be segmented in such a way that only specific sections of data can be viewed/modified from particular access points. In addition, law firms should parcel out secure phones to their lawyers. As mentioned previously here on The Software Consultant blog, these are some of the considerations for creating a solid cybersecurity plan. Written Policy Password Security Two-Factor Security
Be ready with a breach response
Your law firm should be ready when an actual breach happens. The first thing to do is to create an incident response (IR) strategy. Breach and post-breach management can be improved via orientations, workshops and drills. Your IR measures can be refined further with third-party risk assessments.
Not sure where to start? You can get in touch with us through our Contact page and have a personalized approach to cybersecurity from an expert in the field.
Feature specially written for blog.thesoftwareconsultant.com
Feature by: Jean Brandrick