Cyber Security: Taming the Wild West of law firm cyber security
By Carl Mazzanti
Here is a worrying statistic: More than 750,000 Americans had personal information compromised in law firm hacks since 2020, according to public data. High numbers like this indicate that many attorneys, from solos to large firms, could face class-action lawsuits that can deplete finances and harm reputations.
In November 2023, a cyberattack hit the global firm Cadwalader, Wickersham & Taft and reportedly caused problems with email, Wi-Fi, and other operations for an extended period. It illustrated how vulnerable even a big firm can be to hackers.
Getting attacked is inevitable, but firms that engage an experienced cyber security provider early can strengthen their defenses against hackers and reduce their chances of being victimized. This partnership involves using artificial intelligence, software, training, and risk management tools to help build a strong barrier against cyber threats. A cyber security provider can assess risks tailored to the needs and vulnerabilities of law firms by examining their structure, tools, processes, and employees. A cyber protection strategy allows for the wisest use of firms’ resources to focus on fixing their most important weaknesses.
An ongoing commitment
Cyber security is not a one-off shelf item. Instead, it is an ongoing process that starts with a commitment by management and is infused throughout the organization. A law firm’s cyber safety plan should start with a review of its computers and programs, followed by taking steps to organize and secure client and firm information.
Firms also need to look for weak spots that hackers could exploit, so a cyber security plan should include training on identifying threats and on using various methods to confirm identity. An effective initiative will also address password management and oversight of third-party vendors. The plan should involve testing data backups and encrypting data both at rest and in transit. Lastly, it should include obtaining cyber security insurance to help transfer risk if hacks occur.
Cloud concerns
Storing data in the cloud can also be important for cyber security. However, companies should be aware that this does not always ensure data safety. Cloud storage does allow authorized users to access data from anywhere, protects it from damage or hacking, helps companies increase storage space without purchasing new equipment, and makes updating easier and faster.
But the security of cloud-stored data is only as good as the policies of the cloud provider. Many contracts have clauses that protect cloud providers from liability should a cyber attack occur, so firms and their cyber security partners should ask cloud providers about their safety measures to ensure protection.
Another threat vector has arisen as more employees are working remotely, using personal devices instead of company-provided ones. Laptops, phones, and other devices that are not monitored by a company’s IT department can pose security risks, so firms should talk to their cyber security partner about creating rules for using personal devices to reduce hacking risks. Such rules should restrict employee access to important data and provide instructions for reporting lost or stolen devices. This can help prevent damage to the company’s reputation, in addition to minimizing legal issues and financial losses.
Policies should also cover training employees on keeping devices secure, using passwords properly, and recognizing phishing attacks. Clear responsibilities and plans should be in place to respond to a cyber incident quickly and effectively.
Compliance rules
In consultation with their cyber security partner, firms should also consider compliance with regulatory requirements and industry standards. Firms must follow different data protection laws based on where they operate and the industries they work in. The European Union, for example, requires adherence to GDPR, while in the United States, firms must comply with HIPAA for health information. Not following these rules can create legal trouble for law firms and cost them clients’ trust and confidence.
Today, information is valuable, and law firms store a lot of it. To protect sensitive information, firms need a planned cyber security response that should be regularly checked and adjusted as necessary. A skilled cyber security provider can help firms protect both their data and their reputations.
Carl Mazzanti is president of eMazzanti Technologies, a cyber security and IT support organization based in Hoboken, NJ. The company can be reached at [email protected].