In 2019, most of the law firms we work with store much of their business information, including client information and legal documents, on their company servers or within their cloud. Although none of us want to think about it, have you considered what a cyber-attack could do to your law practice? A data breach could potentially not only cost you and your law firm time but also money and reputation.
Unfortunately, cyber attacks are more prevalent than ever.
In fact, research tells us that “… since January 1, 2016, more than 4,000 ransomware attacks have occurred on a daily basis (on average). That is a 300 percent increase from 2015, when 1,000 attacks occurred daily.”
What is the cause of these cyber attacks? Is there something we can do to protect our law firms? Are these threats internal or external? These are the questions we need to be asking ourselves as we endeavor to be intentional about our law firm technology policies.
While it may be uncomfortable to think about, we also need to determine if the real result is within our firm, originating with our own employees. This is not just an issue that law firms face, however, as industry experts agreed “more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach.”
If these cyber attacks originate in house, we need to ask the very important question: Why?
Is it the lack of attention to detail on behalf of our employees? Are all of us too busy to make an effort to stay up-to-date on patches, software fixes, and avoidance of dangerous email? Do we take proactive steps to train our employees on cyber risks and how to avoid them? Or, although it is terrifying to think about, are your employees actively making your company vulnerable to data breaches?
As you work to minimize the risk of a cyber-attack in your law firm, you must come to terms with the fact that your employees may play a role in putting your company in jeopardy.
The truth is, security measures do not have to be complicated to be effective. For example, leaving an unlocked laptop out at the end of the day is an easy way for a security breach to happen. It can be avoided with the simple security measure of always locking law firm devices at the end of the work day.
Another example is outlining how communication will be managed in your firm. In other words, do you share important internal data or have vital internal conversations over email or face-to-face? You may want to rethink how you communicate in light of the 2016 scam at Snapchat. Snapchat experienced the impact of employee vulnerability when a hacker pretended to be the company’s CEO, Evan Spiegel, and sent an email to an employee requesting payroll information. The employee fell for the scam, causing Snapchat to face a data breach that included the release of 700 employees’ information.
How can you reduce the risk of your employees falling for scams or forgetting simple things such as locking their laptops or being victims of cyber terrorism? The simple answer is to be intentional in your cyber training policies. From employees securing important information on laptops and cell phones, even when they are on a coffee break, to putting policies in place that limit access to hardware and data, or just maintaining different levels of internet access, all of these procedures should be outlined in your law practice’s Tech Handbook and training should be offered frequently.
The key is to take action. Do not wait to put secure policies in place today to ensure that you are limiting the risk associated with your employees and cyber-attacks in your law firm. We know this can be hard to start and even harder to work through. Remember, we are here as a resource for you. Do not hesitate to contact us with your questions so we can help you reach your goals for cyber security in your law firm.