The past several years have seen headline after headline about massive data breaches at hospitals, financial institutions and major retailers. However, law firms are hardly immune. And it is not just the big firms that are at risk — law firms of all sizes have sensitive information that makes them vulnerable.
With security now ranking as yet another factor potential clients consider when selecting or remaining with a legal service provider, you cannot afford to cross your fingers and hope for the best. The following are just some of the steps your firm can take to reduce the risk of devastating breaches.
Encryption is best understood as a program that scrambles files to leave them unreadable to anyone who cannot provide a unique “key” to open them. At the very least, your firm should routinely encrypt information stored on servers, desktops, laptops, portable media and mobile devices.
Encryption is particularly critical for confidential information. Consider this: Security experts have compared sending unencrypted confidential material over a network with mailing the information on a postcard.
Rather than directly attacking a firm’s servers, hackers are most likely to target its employees’ computers. They often use phishing schemes, for example, to gain access by inducing an employee to click on a link or file that unleashes malware. It only takes one untrained employee to open the door to a far-reaching breach.
Attorneys and staff need ongoing training about the threats they face, potential costs of letting down their guard and steps they should take to prevent or detect breaches. They must understand all relevant policies and procedures — for example, on using firm computers and devices for personal browsing or posting to social media — and do their part to maintain a culture of vigilance.
- Cyber Liability Insurance
All the security measures in the world cannot guarantee that a hacker will not find a way in, especially with the rapid development and deployment of technological work-arounds.
According to a study by data security research organization Ponemon Institute, the average total cost of a data breach has reached $3.8 million. This includes costs related to investigating and remedying the cause, complying with notification requirements, litigation, fines and penalties, and public relations. So, cyber liability insurance should be a no-brainer — especially when you consider that insurers have begun to exclude electronic data losses from their traditional liability policies.
- Response Plans
A general disaster recovery plan is not enough to deal with the wake of a data breach. Your firm also needs specific policies dealing with cyber security issues. These policies should detail how your firm will respond to a breach, leak or other compromise of confidential or sensitive information, including who will be notified, the actions that will be taken to protect data and the investigation process.
Cyber security experts agree that, for many law firms, it is not a matter of if they will be targeted, but when. By taking some simple precautions, you can improve your odds of avoiding an attack.