Over the past few weeks we’ve talked to a few local law firms about the state of their IT, and these conversations got me thinking. Even with the amount of data these firms, and firms all over the country, have access to, many aren’t where they should be when it comes to actually protecting that data.
As a business owner, it’s always important to remember that you’re never too small to be a target. Stephen Zetzer wrote in his survey for americanbar.org that “hackers are actively targeting these smaller professional services firms specifically to gather intelligence about their clients.” Zetzer’s survey also had firms rate their perceived preparedness on a scale of 1-10:
- For overall cybersecurity preparedness, the average response was 3.5.
- For preparedness for hackers and malware, the average response was 3.4.
- For their ability to prevent ransomware, the average response was 4.1.
Even with these low rankings, “only 10 percent reported seeking advice from vendors or security professionals.”
So why is this important? Beyond stories like the Panama Papers Breach, where 40 years of data and 11.5 million documents were released, this research study from Accenture shows that in the last year alone, services firms have lost around 11 million due to cyber crime. A cyber attack results in downtime, with an average of 46 days to partially resolve the issue; an average cost of $973,130 for an individual business; and a loss of customers, with 76% of individuals saying that they would stop using companies with a history of cyber attacks.
With all of this data on why it’s so important to protect your business, why wouldn’t you do everything you could? Well, many firms simply don’t know where to start. While we always advise calling a company that specializes in making sure your business is secure, we’ve put together a few things you should be thinking about when it comes to cyber security in your law firm.
During National Cyber Security Awareness Month the last two years, we discussed the importance of having cyber aware employees and how to develop a cybersecurity training plan for your office. According to Mark Rasch in an article on ABA Journal, “Phishing is the No. 1, No. 2, and No. 3 threat for law firms.” Having employees who know how to spot these attempts and report them to the correct people in your company can make a world of difference.
Keeping Hardware and Software up to Date
We talk about this constantly with prospective and current clients. Adequate cyber security has a lot to do with the state of your systems: it’s important to make sure your hardware is in warranty and all your software is running the newest version. It may seem like a painful expense to update hardware, but it’s an investment in the future safety of your firm. Software updates are equally important, so much so that we have a whole post on why you should stop ignoring your update notifications. Essentially, these updates keep your devices and network safe from the newest known vulnerabilities.
Mobile Device Management
According to Law Technology Today, “even among lawyers who do have private offices, 77% regularly work from home, 33% while traveling, and 20% regularly work from clients’ or opposing counsel's office or from court.” For this reason, combined with the amount of client data firms have access to on their mobile devices and laptops, having a mobile device management solution in place is a critical part of your cyber security plan. We go into a lot of detail about what MDM is and how to accomplish it in your company in our Mobile Device Management post, but this is how you protect devices against hackers, breaches and malicious intrusions. MDM also gives you the ability to wipe confidential information from a device should it be left in one of those client offices, courtrooms, a different state, or if it’s stolen.
The bottom line is that if your firm has access to sensitive, private client data, you have a responsibility to ensure that it’s safe, meaning cybersecurity is something you should definitely be taking seriously. If you’re one of those firms that doesn’t know where to start and is ready to make sure you’re secure, please reach out! We would love to help!