The experts at Legal Workspace share important information about cybersecurity, and how your firm can be better protected from various cyber attacks.
Stressing about a cyber attack probably isn’t part of your usual day-to-day.
When the thought does cross your mind you might think to yourself, “That kind of thing only happens to large firms who are handling massive cases, not to me and my solo firm.”
Unfortunately, this is not the case. According to tech consultant Adriana Linares, 80% of law firms have been hacked, and the other 20% are either lying or don’t know about it.
To help you be better informed, we interviewed the cybersecurity gurus at Legal Workspace, to get their input on whether or not your firm is at risk of a cyber attack, and how to make sure your confidential data stays that way.
LFS: Many big law firms are experiencing security breaches; are solo and small firms being targeted as much as the much larger, richer firms?
Legal Workspace: Yes, all law firms collect and store a myriad of client and financial data, making them attractive targets for cyber attackers. For example, a large law firm handling a merger might be targeted by someone who wants insider information in order to buy or sell stock, but small firms may also be targeted if they store clients’ personal financial information or social security numbers. Not all cyber attacks target complex data — even basic client data is often targeted.
LFS: Many solo or small firm lawyers might not fully understand the implications of a breach in their cybersecurity. Why should small firm lawyers take cybersecurity seriously?
Legal Workspace: Data breaches erode the foundation of attorney-client privilege by exposing sensitive data solely entrusted to law firms. Lawyers have a duty to take reasonable precautions to protect confidential data. Therefore, securing and protecting privileged information is of the utmost importance for all firms.
LFS: How much do firms stand to lose?
Legal Workspace: Failure to reasonably protect client data can result in various consequences depending on the data lost. Not only could you face fines and run the risk of being sued for malpractice, but, law firms can also experience a partial or complete loss of clients after a data breach. It is very difficult to restore a tarnished reputation in the age of online background checks and archived news articles.
LFS: What are some of the most common mistakes you see solo or small firm attorneys make with regards to cybersecurity?
Legal Workspace: Storing unencrypted client data on a laptop or mobile device. Laptops, tablets and phones are prime targets for thieves. They contain almost anything a thief needs to harm your practice – client files, financial information, passwords and personal data. Thieves can auction off the information, use it themselves or can simply sell the device – putting your firm at risk from other unauthorized individuals.
LFS: How much time does it take to implement successful cybersecurity techniques?
Legal Workspace: It really depends on the level of security desired. If a firm hires a local IT team it can take anywhere from a few weeks to a few months to get basic security procedures installed and functioning. Legal Workspace uses a three step migration process which typically takes about one week.
LFS: Do many lawyers make similar mistakes because they are uninformed about cybersecurity best practices, or could it be another reason such as high cost or not enough time?
Legal Workspace: The reasons for mistakes vary. Cybersecurity is very complex and lawyers went to law school to practice law, not to become IT administrators. We’ve seen a lot of partners wasting billable time implementing IT solutions. For solo lawyers and smaller firms, cost is usually the main deterrent to implementing professional cybersecurity measures.
LFS: On average how much should a solo or small firm expect to pay to ensure their data is safe?
Legal Workspace: There are many factors that determine the cost of cybersecurity, and the price a firm pays varies from practice-to-practice. Lawyers have often been victims of phishing scams, breaches and hacks, and as a result attorneys are now setting the bar higher for security, which can affect costs industry wide.
LFS: Most solo and small firm lawyers don’t have a big budget to hire an IT person. Is it worth the investment to hire someone or can a lawyer affordably handle their own cybersecurity themselves?
Legal Workspace: We’ve found that many firms have fluctuating IT needs. One month they may need a whole team of IT professionals, while the next month they may not need any IT help at all. It is important to find a trusted vendor who can assist with their fluctuating needs and keep up with compliance requirements. It’s hard for just one IT person to keep up with emerging threats.
LFS: Are there certain practice areas that are more vulnerable to a hack than others? For example, are hackers more interested in business lawyers because they can use information for insider trading or is any practice equally at risk?
Legal Workspace: Every firm needs to understand the risks ransomware attacks pose and take steps to minimize them. Not all cyberattacks target large firms— even small firms with basic client data can be targeted. Think about all of the data collected during divorces, malpractice lawsuits or immigration matters. All data is valuable and worth protecting.
LFS: For someone who isn’t very computer savvy, “cybersecurity” sounds like an intimidating word. Maybe they know they should take precautions, but it sounds overwhelming. What advice do you have for solos who are frightened by cybersecurity and reluctant to deal with it?
Legal Workspace: The best offense is a good defense – and a good cybersecurity and IT plan is worth its weight in gold. In the event of a ransomware attack, if you have the option of paying hackers a lot of money, or simply restoring from files that have been backed up, both the choice and reasons for improving cybersecurity become obvious. Intrusion detection and prevention systems, and enterprise-grade firewalls will protect your data while consistent backups make data recovery simple if files are lost, stolen or even destroyed from a natural disaster.
LFS: How is a company like yours different from an online file storage company like Dropbox or Google Drive?
Legal Workspace: As tempting as iCloud, Google Drive, Dropbox, or other sites may be, lawyers need to do their research first before uploading their important, confidential, or privileged information to these types of free and low-cost services. Many of these sites are geared toward consumers, not law firms. Such sites may lack key security provisions, and it may not be clear where the data resides or whether users surrender their ownership rights to information in that particular cloud.
While free or cheap cloud providers may seem like a bargain in the short term, they can be very costly in the long run if data is left vulnerable or lawyers have unwittingly surrendered their ownership rights to their own information. Law firms would be better off paying a little more for legal-specific cloud providers to get the security and peace of mind they need.
The risks of ignoring cybersecurity are clear. Lawyers and law firms are prime targets for cyber attacks, so don’t put the digital security of your firm on the back burner. Make sure you have the right protection systems in place, and use these recommendations to make sure your firm is prepared to weather any cyber attack.
Background on Legal Workspace:
Legal Workspace is a cloud-based environment that hosts all software applications and stores data for law firms. Its unique BYOD (bring your own device) platform allows firms to work from anywhere using any device. Legal Workspace continually updates software and hardware so firms are always working with the most secure versions. Redundant enterprise-level firewalls, encryption, and secure, temperature-controlled US data centers with backup generators make data security stronger than a law firm could implement locally. Legal Workspace’s cloud is so secure, law firms easily pass compliance and security audits required by top-tier, high-security clients in the medical, financial, and governmental industries. Having a secure IT foundation is important to businesses wishing to land big deals and compete in corporate counsel bids.