Law firm cybersecurity threats to keep aware of

by Brad Garland

Watch almost any movie from the 90s or early 2000s dealing with computers and you will see a highly stylized version of “hacking”. The scene will probably feature a t-shirt or hoodie-clad “hacker” sitting in a basement, surrounded with computer screens and green text. Cue to a closeup of the hacker furiously typing while green text scrolls down the monitor at an equally rapid rate. Suddenly, we hear a ping and an excessively large notification window appears, signaling that the hacker has succeeded. Depending on the movie, the hacker will use his powers for either good or evil.

While we may view scenes like this with a certain mix of humor and nostalgia, many people and businesses today take seriously the issue of unauthorized access to sensitive information (the technical definition of “hacking”). These concerns are not unwarranted – data breaches caused by hacking cost companies an average of 1.41 million dollars. Law firms are not excluded from this. After all, law is business and law firms are in the business of representing other businesses. Cyber attackers target sensitive information of businesses– who presents a better target for cyber threats than the law firms which represent these corporate victims in highly lucrative legal matters?

A recent report of data breaches involving more than 100 law firms, including V50 firms, highlights the increasing risks law firms face in today’s digital world. To top it off, this is not an exhaustive list - cybersecurity experts warn that the actual number is a lot higher, and expected to increase rapidly. This is due in part, to the increasingly sophisticated nature of today’s cyber attackers. Unlike the fictionalized attacker in the example above, today’s threats can come from a variety of capable sources. Gone are the days of a single, hoodie-clad hacker working in an isolated basement. Today’s threats may come from entire teams of cyber criminals, backed by the resources and capabilities of nation-states.

I work in a law firm. What can I do to secure my firm’s operations?

Start by prioritizing cybersecurity. Ramp up efforts to ensure every member of the firm receives adequate cybersecurity training as a part of your overall strategy. Remember, attackers know to target the “gatekeepers” of your firm – the ones with access to your firm’s most valuable information. Depending on your firm structure, this may be a partner, HR personnel, or a lawyer working on a highly lucrative case.

To address the technical aspects of cybersecurity, consider following a firm-wide information security framework, such as NIST/ISO or Cobit, that your firm will adhere to. You may consider outsourcing your cybersecurity needs. Consider the following aspects of your firm before deciding whether to outsource: budget, complexity of your firm, the amount of critical information your firm handles, and how your partners perceive risk to your firm. If any of these issues are concerning, you may consider a dedicated internal resource bolstered by strategic external support. Additionally, law firms should ensure cybersecurity practices of third-party vendors are properly vetted. Consider contractually ensuring your vendors adhere to the same security standards and frameworks as your firm, or at least a “commercially reasonable” standard.

If this sounds like a massive undertaking – do not worry. A security strategist who can help navigate the many aspects of a law firm’s operations is where our expertise is useful. We can help you become the hero of your law firm, take charge of cybersecurity and put everyone’s minds at ease so you can focus on providing the best possible results for your clients.

To learn more about our cybersecurity services for the legal industry, contact us to schedule a call. We’re here to help.