Cybersecurity: Legal technology enhances firm security and boosts productivity
By Carl Mazzanti
A series of class action lawsuits filed against an array of large and smaller firms alleging they did not properly guard against cybersecurity attacks highlights the fact that size does not matter to hackers. Firms of all sizes are all targets for bad actors, since they have digital files containing intellectual property, personally identifiable information, and other sensitive data. And the added resources that large firms enjoy do not deter criminals from staging successful attacks.
The challenges law firms face are baked into their very nature: To practice effectively, attorneys need access to sensitive data that must be safeguarded, but at the same time, effectively representing clients means attorneys have to share some data with their firm colleagues and outside specialists. This can create an array of Swiss cheese-like holes that provide cyber criminals with multiple entry points.
But legal practices that work with experienced cybersecurity consultants can enhance their digital defenses while realizing a bonus: they can also boost productivity.
Automate where possible
Firms should utilize cybersecurity automation, since doing so reduces the chance of human error creeping in. Such an initiative typically includes automating mundane tasks like patching updates, and more sophisticated ones like file-integrity monitoring.
And because bad actors automate their attacks, companies need to automate their own threat detection and response tools. When properly managed, cybersecurity solutions powered by artificial intelligence and machine learning can anticipate and address issues before they cause damage.
Still, no single security solution will provide all the necessary protection, so firms should implement additional defenses like firewalls or network security devices that monitor traffic to or from a firm’s network, automatically allowing or blocking traffic based on a defined set of security rules. They may also consider multi-factor authentication, which adds a multi-step account login process that requires users to enter information beyond a password. For example, a user may be asked to enter a code sent to their email or mobile device or answer a secret question.
Other security layers — email filtering, web filtering, and geo-blocking — can help to block malware from entering a firm’s system. Email filtering allows software to independently analyze incoming emails for red flags that can signal spam or phishing content and will automatically move those emails to a separate folder where they can be safely examined.
Geo-blocking can help to stop bad actors at the door. This feature allows firms to block access from specific countries by using firewall settings or geo-based policies in Microsoft 365. For example, unless a firm represents clients in Russia, inbound requests from Russian sources can be blocked off.
Web filters can be used to boost employee productivity while protecting a network. They can block or warn employees attempting to visit malware-laden websites, or restrict traffic to social media platforms and other websites that distract employees and gobble up their time.
Other defenses include regular data backups and targeted security training. Access to data should also be limited to necessary users, particularly in a remote work environment. And because the cybersecurity environment changes almost daily — with new external threats emerging even as internal changes increase risk — cybersecurity reviews are a vital defense component.
Firms can begin with an initial assessment of their technology environment, and then periodically conduct security assessments to identify vulnerabilities as circumstances change, highlighting risky password practices or identifying places where unauthorized persons can gain access. To take the assessment a step further, firms can conduct a penetration test, where an expert will simulate an attack and identify weaknesses.
Automation can deliver productivity gains. Updating the billing system, for example, can improve accuracy, while saving attorneys and staff hours that would otherwise be consumed reviewing time and expense reports and preparing invoices.
Productivity can also be accelerated with eDiscovery technology, which allows firms to speed up the process of reviewing documents and preparing cases without sacrificing quality. And services that enable users to connect to and use cloud-based apps over the Internet mean that even small- to midsize firms can bring eDiscovery in-house, saving time and increasing security.
When lawyers can work securely, flexibly, and efficiently regardless of their location, firms and their clients will benefit. Lawyers can focus on billable activity while clients benefit from better organization of cases and transparency in the billing process. Firms that invest in automation and security typically realize a robust ROI, and operate more efficiently while attracting and retaining clients who appreciate the attention to detail, the firm’s productivity, and the ability to safeguard their sensitive information.
Carl Mazzanti is president of eMazzanti Technologies, a cybersecurity and IT support organization based in Hoboken, NJ. The company can be reached at [email protected].