Lawyers are regularly entrusted with sensitive information and material. That being said, one of the most important aspects of law is privacy and security. Clients expect their information, data, and documents to be protected at all times by the law firms they employ; If a law firm demonstrates that they can’t deliver secure legal services, then they can’t expect their clients to stick around for long.
With the advancement of technology being used more and more in business, the chances of a company experiencing a security breach at some point or another will continue to rise. In 2012, the FBI director, Robert Mueller, stated
“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
While Mueller’s statement applies to companies in all fields, it can be particularly true for law firms who often hold important and privileged data. This fact alone has deterred a large portion of law firms from utilizing otherwise helpful cloud software and services - and it continues to slow down the technological advancement of the legal industry.
When the ABA released its 2018 Legal Technology Survey Report, the results were unsettling within the legal community. When asked about security breaches, overall, 23% of those asked reported that their firm had experienced a security breach - a number that often increases as the years progress. When the ABA broke down cybersecurity breaches further by law firm size and lawyer count, however, the numbers become more concerning. Here’s an excerpt from the ABA’s article 2018 Cybersecurity:
“This year, the reported percentage of firms experiencing a breach generally increased with firm size, ranging from 14% of solos, 24% of firms with 2-9 attorneys, about 24% for firms with 2-9 and 10-49, 42% with 50-99, and about 31% with 100+. As noted above, this is for firms who have experienced a breach ever, not just in the past year.”
Judging by the numbers, there’s a fair chance that your law firm could experience a security breach at some point. Luckily, there are steps your legal firm can take to protect your most valuable asset - yours and your client’s information. With the advancement of software and technology, the security industry has continued to work diligently to keep up with the cybersecurity issues that present today. By remaining proactive with security efforts, and by utilizing the best technology tools available to you, you can actively reduce your chances of incurring a security breach. Our checklist below can help you implement the top technology cybersecurity best practices for your law firm:
Assess Security Concerns
Before you fully invest your time into managing your law firm’s tech security, allow a moment to take stock of your current situation. This is an excellent time to notate and consider areas that could pose security threats, such as:
- How secure is the email service you utilize?
- Is the method in which you store and share client data secure enough?
- In what ways are you protecting the information your clients are entrusting you with?
- Are your company computers protected well enough?
- Is internet usage by your company’s employees safe and secure?
- When your firm’s lawyers work outside of the office, how are things kept secure?
Beginning the process by asking tough questions about your firm’s current security health is a great way to start; This can not only get you on the right track, but you may be surprised with some of the security issues that uncover themselves.
Research Cybersecurity Threats That Could Affect Your Law Firm
While security issues and cybersecurity dangers out there often don’t discriminate between businesses or business types, there are specific threats that law firms should individually pay attention to. Below are some examples of some key technology security threats you’ll want to consider:
- Ransomware - Businesses and legal firms being victimized by ransomware are unfortunately becoming more common. Ransomware is malicious software, often uploaded to computers through email attachments, that can then steal sensitive data, or hold it hostage until you pay a ransom to the perpetrator. This cybersecurity threat has been known to shut down law firms for months at a time until those responsible are caught or the ransom is paid.
- Hacktivists - Depending on the type of law your firm practices, you could be more sensitive to this type of security threat. The term “hacktivist” refers to hackers who target law firms with whom they take issue with clients represented or business the law firm conducts.
- Weak Password Usage - One of the most common ways data is stolen, accessed, or compromised is a lack of password usage or weak passwords. If lawyers and staff at your firm are neglecting to use strong passwords, use the same password across software and systems, or do not regularly update their passwords, they are putting your law firm at risk.
- Accidental Data Exposure - Often, the loss and exposure of files and data within law firms is simply a result of human error. Security issues can stem from weak passwords, unsecured wi-fi, loss of physical files, or clicking on infected files and email attachments. Much of this can be prevented for the most part by better and consistent employee education.
- Viruses - The way in which viruses work to harm your computer changes rapidly and consistently. Anti-virus software works diligently to keep up with this ever-mutating cybersecurity threat; This is why your law firm must utilize the most up to date virus software possible to minimize the danger. Viruses can easily be downloaded through internet files or infected email attachments.
Computer viruses can potentially do severe damage to company data and property by deleting memory, slowing down performance, damaging programs, reformatting your hard drive, deleting files, and more. Some viruses can damage your computers so thoroughly that it renders the equipment useless.
- Employee Theft - No employer wants to think this will happen, but employee theft is a risk you’ll need to keep in mind. Law firms tend to deal with a lot of sensitive data and material, and because of this, there is more of a risk of theft than many other business types. An excellent example of this potential issue would be the “Panama Papers.” Wikipedia describes this event as follows:
“The Panama Papers are 11.5 million leaked documents that detail financial and attorney-client information for more than 214,488 offshore entities. The documents, some dating back to the 1970s, were created by, and taken from, Panamanian law firm and corporate service provider Mossack Fonseca.”
- Outdated Technology - As previously mentioned, technology is ever-changing; Because of this fact, security tech threats are also continuously evolving. These facts mean that it’s essential that your law firm avoids outdated software and technology usage as much as possible. Older computers and laptops, obsolete software, older servers, and other items can lead to potential security breaches.
- Remote Work Security Issues - The practice of allowing employees to work off-site or from home is becoming more and more popular; This statement can be especially true in the legal field as lawyers often have to meet with clients or work outside of hours to complete tasks. While there is nothing inherently wrong with remote work being conducted, it can present some additional security issues for your legal firm. Security can be compromised due to the employee or lawyer using unsecured connections or wi-fi, working in an insecure area such as a coffee shop or restaurant, by the usage of older computers and software for work, and other situations.
- Weak Third-Party Software Security - Even if your law firm’s security standards and practices are top-notch, if the software you’re using doesn’t take equally as strict security measures, you can still fall victim to cybersecurity problems. It’s crucial to ensure the companies you hire or the software you use prioritizes your law firm's security.
Take Inventory of All Hardware and Software
While this may seem a tedious task, it is one of the most important - taking a thorough inventory of all hardware and software in use within your law firm. A detailed catalog should be made and maintained to do this effectively. Be sure to take note of and document the following:
- All hardware, including serial numbers and location of, should be noted. This includes computers, smartphones and devices, printers, fax machines, and servers.
- All software, including license numbers and records, version numbers, passwords, and keys should be recorded.
Once you’ve completed this inventory, make a point to schedule regular updates of your records. Most likely, your firm will update various hardware and software items throughout the year. You’ll find maintaining technology security practices much easier when you’re working off an updated list of hardware and software.
Prioritize Your Data
Your firm’s files and data are the most valuable assets you have to protect. That being said, implementing and managing dependable security practices to protect your data is vital; You can do this in several ways:
- Protect Your Locally Stored Data - For data and files that you have stored locally on your network and office computers and laptops, it’s important that potential threats are continuously monitored and actively avoided. To do this, your firm should ensure up-to-date firewalls, antivirus software, and spam filters are utilized at all times within your network.
- Utilize Reliable and Updated Cloud Storage Services - Usage of cloud storage services via the internet is becoming increasingly popular and, to the dismay of many law firms, necessary to stay relevant as a company. When choosing cloud providers, it’s essential that you use one that has an established track record of security and reliability, such as Google. You’ll also want to make sure that the same cloud storage method is used fluidly throughout the company - this will make things easier to monitor should any security problems arise.
- Have a Back-Up Plan - While many law firms are digitally storing records, often there are still hard copy files and data records maintained, or local electronic storage methods used. This is okay, but you’ll want to make sure that you have these files also stored on a hard drive or within a cloud data service should anything go wrong with your local or hard copy versions.
Develop a Plan and Implement
If your law firm doesn’t already have a security plan, you should make one. Your plan will encompass much of what we’ve previously discussed above, and should be comprised of the following essentials:
- A comprehensive list of all hardware and software requiring regular security maintenance.
- Scheduled dates and times for security updates and checks. This portion will include updates of antivirus software and firewalls to ensure they are current.
- Scheduled dates and times in which lawyers and staff are required to update and change their passwords.
- Regular check-ins with third party companies and software used to ensure no data breaches have been incurred and that they are implementing the best technology security available.
- Following established security standards that many law firms abide by, such as the National Institute of Standards and Technology or the International Organization for Standardization.
- Establish one person or a department that is in charge of maintaining security and handling any issues that arise.
- Planning ahead for your worst-case scenario should a cybersecurity issue arise is one of the best steps you can take. If there is a loss of data or a breach of security, how do you plan to handle it? When you establish and plan for a response to problems, it can significantly reduce the negative impact it has on your firm and the amount of time it takes to recover.
Train Your Law Firm’s Staff on Security Expectations
While even the best-laid plans have the potential to offer top tech security for your law firm, if your attorneys and staff aren’t kept updated and adequately trained, your effort is practically useless. Not only should your employees be thoroughly trained to recognize potential threats, but they should also understand what to do and whom to go to should they incur a problem. Training in safe and secure internet usage is also important. Many companies and law firms choose to include their security plans, expectations, and protocols in an SOP (standard operating procedure) that is available to all employees for reference.
Consider Professional IT Services
If you haven’t decided whether or not to hire professional IT services for your law firm, maintaining the best security practices could be an important factor for you. Professional IT individuals or companies will be well-informed on the current cyber threats your firm faces and what the best protection methods are. They can also help ensure regular security check-ups are conducted, and should a breach or issue arise; They can assist your law firm in quickly and effectively managing the problem.
For more information on hiring an IT company for your law firm, take a look at this article.
Many key factors comprise the elements needed for growth and success with your law firm - including the following of top tech security best practices for law firms. By creating a comprehensive security plan and implementing proper protocols, you’re helping to ensure the continued advancement of your law firm and client base. Consider the security steps you take one of the most important methods of defense you can place between your law firm and outside attacks and deterrents. By following the security checklist above, you’re helping to ensure the technological safety of your law firm.
- The National Law Review, Cybersecurity Best Practices: Cyberattacks Against Law Firms
- Legal IT Professionals, 4 Cybersecurity Beat Practices That Law Firms Should Prioritize in 2017
- Digital Guardian, Law Firm Data Security: Experts On How to Protect Legal Clients’ Confidential Data
- ABA, 2018 Cybersecurity
- Law Technology Today, Four Ways Law Firms Can Safeguard Sensitive Client Data
- Logiforce, Top 10 Law Firm Security Threats and What You Can Do to Address These
- IT Pro Portal, The Importance of Maintaining Cyber Security In Your Business