Why Law Firms Need Cybersecurity
Yes, you too have data cybercrooks want. Here are some ways to protect yourself — and your clients.
We’ve all heard about the online data breaches like those that hit retailers Target and The Home Depot. Millions of customer credit records were stolen, costing the companies huge losses and their brands untold embarrassment.
But what would happen if your firm suffered a breach?
You might be thinking: Do I look like a Target? And it’s true that retailers, healthcare entities, banks and other financial services businesses remain cyber attackers’ most likely and most lucrative targets.
But law firms also have data that crooks want. It might be financial information and client data. You might have copies of client medical records on your computers. And needless to say, you don’t want sensitive documents – such as patents and client tax returns – about a case or other attorney-client privileged communications falling into unfriendly hands.
The fact is, there is an exploding global market for this information. Crooks worldwide are selling this information to identity thieves or people who want to get a way into a person’s bank account—or the person’s bank, period. Or they might use this information themselves to your clients’ competitors.
What’s more, law firms have been attacked numerous times in the past five years. At the same time, industry research such as the ABA Legal Technology Survey and the work of the International Legal Technology Association reveal that attorneys have been slow to follow best data security practices.
Think you’re safe from hackers? You might have Norton anti-virus protection on your firm’s computers. That’s a good thing. But don’t be lulled into believing Norton or any other digital protection means you can rest easy. Cybercrime experts are saying that international cybercriminals have become so widespread and so sophisticated and so lucrative that absolute security is impossible.
Still, there are some basic rules you can follow to make sure your firm’s valuable digital information doesn’t fall into bad guys’ hands.
Some rules are very basic: Don’t leave your laptop, tablet or even smartphone around where someone can make off with it. This seems breathtakingly obvious. But cybersecurity experts say you’d be surprised how often crooks are able to snatch these up.
Another tried-and-true, and very simple, strategy: Don’t click on links in emails you don’t recognize. This has gotten trickier with the rise of phishing. Cybercriminals are able to send emails from, say, your bank that look absolutely legit. But if that email is asking you to (for instance) identify yourself via your account number, best to check with the institution by phone first.
Another very simple strategy that most firms, surprisingly, don’t also follow rigorously is encrypting their computers and access to their digital data.
These are some simple precautions, and they’re just the start of a cybersecurity discipline all firms, whatever their size, should establish. The ABA provides useful guidelines, as can your IT consultant.
These days, any business is a cybercrime target. Data is gold. And law firms have this kind of treasure in abundance.