Saved client data can make firms a target
The sensitive and often personal data that law firms typically retain make them juicy targets for cybercriminals. In 2021, according to an ABA report, 25 percent of respondents reported their firms had experienced a data breach at some point. The fallout can mean more than costly fines or lawsuits; breaches can reduce the trust clients place in a firm. There are numerous defenses that firms can mount against this evolving threat, but unfortunately, one of the simplest and most often neglected defenses is staying current on software and other patches.
Patches — or updates that software or operating system vendors issue to fix performance bugs or to provide enhanced security features — are usually available without added charge and the installation and updates typically do not interfere with ongoing operations. But despite the ease of installation, many law firms and other enterprises do not bother to stay current. The results can be dramatic, as demonstrated by one of many attacks — the global WannaCry ransomware “crypto worm” that penetrated more than 200,000 computers running Windows across 150 countries in a matter of hours in 2017.
After infecting a device, WannaCry encrypted data and demanded ransom payments estimated to total billions of dollars. The kicker was that Microsoft had already identified the vulnerability and issued a security patch months before the attack, but many Windows users simply had not bothered to download and install the updates.
There is no question that law firms, particularly solos and other smaller practices, are busy and would rather spend their time on billable matters; but that excuse won’t matter to clients who question why their trusted adviser’s systems were compromised. In fact, there really is no excuse for missing out on patch updates, especially since many outsourced IT support providers offer packages that can automate the process of hunting for and installing them.
And that is just the beginning. Sophisticated automated agents can also monitor a firm’s cyber systems and devices for compliance, address a host of issues, and alert IT support providers about any problems so they can be addressed. Customized patch solutions can also be designed with such features. An audit tool can create a list of all the software residing on a system; a regression tool can check for patches and downloads and install them; and other tools can monitor for compliance — an important step because even if a patch is downloaded on time, a sophisticated attacker may be able to disable it without any obvious warning signs.
Despite the danger that hackers represent, these kinds of cyber security managed services solutions often fly under the radar of law firms, primarily because initiatives like establishing basic security protocols are not “glamorous” enough to attract a partner’s attention, until something goes wrong. Then, suddenly, it becomes a top priority. But firms that want to limit their exposure to cybercrime will stay on top of their patches, either manually or with an automated tool, and will likely avoid a lot of unnecessary “cleanup expenses” while continuing to enhance their reputation.
Carl Mazzanti is president of eMazzanti Technologies, a cyber security and IT support organization based in Hoboken, NJ. The company can be reached at [email protected].
Share this story, choose a platform
Brought to you by BridgeTower Media
Free Weekly Newsletter
Recommended content
Complete Communicator: Daily habits to deepen your firm’s bench strength
Complete Communicator: Daily habits to deepen your firm’s bench strength By Jay Sullivan As lawyers, we’re not in the legal [...]
Lawyer conflict checks: Five tips to tune up your process
Thoroughly screening clients at the in-take stage for potential conflicts of interest can spare a firm ethical or legal problems [...]
Cybersecurity risk called a human issue, not a technical problem
Experts say an attack succeeds largely because people think, “That’s never going to happen.” And then it does. Read more [...]
Four mistakes lawyers make with social media
Social media is crucial to winning and retaining legal clients, but it takes persistence and consistency to do it right. [...]