Cyber attack is a major risk for today’s law firms as cybercriminals target law firms in a multi-billion dollar industry that has lead to a fast-growing cyber industry, which remains a sensitive area to talk about for lawyers and businesses alike.
But as the cyber crime business grows, the urgent need for law firms to target cybersecurity risk has become equally urgent.
And clients are seeking the assurance that lawyers will take the risk seriously.
Clients are now seeking greater urgency in what law firms and in-house legal departments are doing to ensure they are protected from cyber attack.
Further, as law firms provide services to a range of clients, often changing and shifting in their alliances, so too does the risk of having someone leave the law firm with firm and/or client data, which may be very difficult for the firm to detect.
Law firms provide a vault-load of valuable, sensitive information relating to corporations, governments, individuals and others. Many lawyers fail to realize that their sensitive information can be exposed to breach and intrusion particularly as there are increased breaches
As Bloomberg News report that a corporation can ask a law firm to take the assessment, which gives it a score and remediation advice, which provides a score used to compare firms.
Companies and law firms need to create a culture of security and act now, says David Shonka, acting general counsel of the Federal Trade Commission.
“The answer is to think ahead of time,” says Shonka said. “Plan things.”
Fast-Growth Business
US research shows that the cybersecurity business is one of the fastest-growing in the world, worth over $230 billion by 2022.
Crystal Market Research shows a less impressive but still heady market by 2022 of over $173 billion and Gartner Inc show that this year cybersecurity research would reach over $96 billion.
What should law firms be doing to protect themselves from cyberattack?
IT Security Central asked some of the top cyber security experts in the US what law firms should be doing to protect themselves from cyber attack and/or data breaches.
We’ve looked at five of the top, key suggestions.
Obtain Help
Cyber experts say the best thing they can do is get outside experts to provide vulnerability
assessments to see where they are at risk. The costs of having an assessment will vary depending upon the complexity of the firm’s computer systems and will range from fixed fee amounts to hourly rates.
For firms the vulnerability assessments are privileged so they can’t be used against the firm in court by invoking lawyer-client privilege.
What are some of the things firms can do now to avoid attack or major data loss?
1. Data Loss Prevention
Implementing a data loss prevention (DLP) plan is a key way to ensure the firm tracks and prevents access to data so as to protect the firm and its clients.
DLP solutions have become increasingly effective and also provide a more affordable option which opens the door for smaller law firms to use their software to implement the protection in a highly affordable manner.
2. Train staff in Security Awareness.
Security awareness training for users should be ongoing and mandatory as part of every firm’s IT Security Policy.
Training staff to recognize signs of attack is a key factor. Ensuring law firms have appropriate cyber security is part of what it costs to do business. Remember that many firms are hacked without even knowing it and employees can click on things that appear familiar. Building a ‘security awareness’ is part of the key towards avoiding data breaches or cyber attack.
Phishing attacks are also common and need to be guarded against by employing phishing simulation to make staff aware of what is happening with increasing frequency.