Law firms are often in possession of sensitive data. High stakes are involved— privileged documents, trade secrets, business transaction records — all precious information that hackers would love to get their hands on.
Firms of all types and sizes are now a main target for hackers and cyber criminals. To compound matters, recent studies have revealed that even some larger law firms are ill-equipped to prevent and manage law firm data breaches.
Many Law Firms Unprepared to Meet Cybersecurity Demands
An ALM Legal Intelligence report,“Cybersecurity and Law Firms: Ignoring is Risk,” reveals some telling statistics:
- 22% of respondents did not have an organized plan in place to prepare for, prevent, or respond to law firm data breaches
- Nearly one third of firms have never carried out a formal assessment of security and information systems
- Only 50% of the law firms included in the study have some type of cybersecurity team in place to manage and process the complex programs needed to deal with data breaches
- About a third of the law firms did not hold cyber liability insurance policies
With regards to corporate counsel and cybersecurity, the report also stated:
- 95% of corporate counsel who responded agreed that cyber attacks are becoming more frequent
- A mere 6% of respondents said their company cybersecurity teams included board members; only 3% stated that outside counsel were represented. This could indicate that corporate cybersecurity teams are lacking in scope
- Only 49% of firms require third parties to carry cyber liability insurance
- 27% surveyed said that their firms do not conduct cybersecurity tests regularly
Negative Consequences of a Law Firm Data Breach
A law firm data breach can result in a spiral of losses. A recent ransomware attack shut down a major global law firm in 2017. It is estimated that the incident cost the firm well over $500,000 a day in billable hours in one office alone. The firm had to shut down email, phone, and internal computer systems for nearly a week. As a result, they had to request extensions in at least five different cases.
Another firm fell victim to a ransomware attack and had to sue its insurance carrier to cover nearly $700,000 in lost billings. Perhaps even more daunting is the tedious process that this particular firm had go through just to recover its lost data. Documents were held in ransom for over three months, preventing the firm’s attorneys from making progress on their cases.
What’s worse, a law firm data breach can result in additional legal issues for the breach. In a January 2018 filing, a Florida real estate firm was sued, with the complaint alleging that the firm employed inadequate cybersecurity for its computer systems. This allegedly led to the fraudulent transfer of nearly one million dollars from an account belonging to the firm.
What You Can Do to Prevent a Law Firm Data Breach
Part of the problem is that too many law firms have a reactive stance on cybersecurity, rather than a proactive one. Firms tend to bring in cybersecurity experts only after a breach, when there are already clear issues involving legal liabilities and loss control. At this point, it’s already too late. Cybersecurity preparedness needs to be enforced from the outset, and it should be built into firm operating procedures and policies.
Here are some of the most important steps that law firms should address:
- Keep operating systems updated
While this may seem basic, keeping internal operating systems updated can help prevent security vulnerabilities. Make sure your firm makes updates as soon as they’re available.
- Use encryption
The benefits of encrypting data are enormous, and the associated costs are negligible. Encryption allows your content to be unreadable without a login and password. This is especially important for data that must remain confidential at all times.
- Use password managers
These can help set strong passwords. Human-generated passwords can be weak and predictable. Password managers also allow for managing login credentials for multiple accounts.
- Educate employees about security
Many data security breaches are accomplished by the hacker tricking employees into performing actions like downloading an infected file, sending private data to the hacker, or disclosing login credentials. Both staff and lawyers need to be able to spot red flags and react accordingly.
- Review your security insurance coverage
Cyber liability insurance is relatively new, and many major insurance companies don’t include data breaches and other cyber attacks in their coverage.
- Get an incident response plan with action steps in place
The firm should have a plan in place if a breach does occur. Key employees and staff members should know what their role is. The plan should also include measures for reporting and disclosing the breach.
- Conduct regular cybersecurity assessments
Hacking methods and security tools are constantly changing and updating; prevent breaches by staying on top of the game.
Strong Cybersecurity as a Marketing Point for Law Firms
Strong cybersecurity can actually be touted as a benefit for clients. A firm that has cutting edge cybersecurity software, a dedicated team for managing risks and threats, and solid cybersecurity measures in place is much more attractive to a potential client than an unprepared law firm. These types of strengths can be emphasized to make the firm stand apart from the competition.
Work with a Dedicated Cybersecurity Team
As marketers, we understand the importance of how a brand appears to the public, and what types of connotations the public makes with that brand. One of the things that can cause clients to lose faith in a law firm is a cyber attack.
That’s why we work directly with industry leaders in the cybersecurity space. Skilled cybersecurity teams can help a law firm get and stay protected, and can identify potential vulnerabilities. They can also assist with team training and education, and can revise company policies and implementation procedures.
Get in touch with us today and connect with our network of professionals, which includes some of the cybersecurity industry’s leading experts. Let’s get started on a comprehensive marketing and business strategy that boosts your firm’s revenue and mitigates risk.