Law firms face several serious cyber security threats. In the headlines we read about large firms attacked by ransomware and other types of threats. But firms of all sizes find themselves under attack. As cyber-criminals step up their game to attack more firms, firms should consider every area where legal cyber security can be improved.
Primary Law Firm Cyber-Threats
The types of cyber-threats faced by law firms fall into several categories and increase almost daily. However, legal cyber security experts focus on the following as the primary threats.
Phishing and Email Attacks
Like everyone else, lawyers use email daily to communicate with colleagues and clients and to share documents. At the same time, cyber-criminals creatively imitate document storage and signing services and employ other social engineering techniques to fool even cautious attorneys and staff. While posing as something they’re not, they persuade victims to click on links and attachments that prove to be phishing attacks.
Ransomware
Cyber-criminals install ransomware on your servers via a phishing attack or via unauthorized access. Once there, it can sit dormant for months until activated. When activated, the ransomware code encrypts or otherwise locks down important data and issues a demand for payment to regain access.
Paying the ransom is no guarantee that the files will be unlocked. Doing so may even increase the likelihood of another attack. Ransomware continues to be a major threat because cyber-criminals make money from it. In addition, double extortion ransomware is increasing as a serious threat.
Sensitive Data Leaks
Hackers or unhappy parties to a case may gain unauthorized access and steal sensitive firm or client data. As has been seen in some high-profile cases, they threaten to expose the information via social media or other communication.
Cyber Security Malpractice Allegations
Law firms have a legal responsibility to keep client data secure. As has happened in the past, clients may not feel that the firm is doing enough to secure their data. They may allege vulnerabilities in the firm’s network, servers, or online access, forcing the firm to take corrective action. Reputation or financial damages may result.
Attacks on Remote Devices
With more staff working from home, cyber-criminals increasingly attack home computers, mobile devices, and collaboration technology to steal sensitive information.
Where Legal Cyber Security Falls Short
The 2020 ABA Legal Technology Survey Report reveals much about the attitudes and practices of firms regarding cyber security. Comparing the primary threats described above with actual cyber security practice reveals where legal cyber security falls short.
Cyber Security Training
While phishing attacks head the list of primary cyber-threats, just 46% of the law firms surveyed conduct cyber security training programs to protect against them. Effective training programs should be documented and ongoing to ensure new and existing staff know how to prevent a phishing attack.
Less than half of the respondents employ cyber security tools that could protect them from ransomware. For example, only 40% indicated that their firm has a disaster recovery/business continuity plan. Verified and recent backups, part of a comprehensive disaster recovery plan, prove essential to recovering from a ransomware attack.
Access Controls and File Encryption
Many firms fail to implement the strong access control measures that prevent sensitive data leaks from office computers or remote devices. For instance, just 39% use two-factor authentication, 29% use intrusion prevention, and 28% implement remote device management and wiping. Just 43% use file encryption, which makes stolen files unreadable.
Cyber Security Policies
Shockingly, 45% of law firms do not have formal cyber security policies. This leaves them with little defense against cyber security malpractice allegations. Firms without a policy should immediately create one that covers the primary threats and implement the required measures to protect against them.
Legal Cyber Security Experts
In summary, law firms face five primary cyber security threats. Surprisingly, less than half of all firms have implemented the necessary measures to protect against them. They run the very real risk of suffering a successful breach, which brings with it heavy costs and loss of reputation.
If you find your firm in this position, consult the legal cyber security experts at eMazzanti Technologies to get started. They provide professional cyber security policy consulting, training, work-from-home technology, and the security tools to implement a multi-layered defense against today's legal cyber security threats.