Our law firm clients are scared—and they should be. It’s a scary, data-filled world and they want to know how Optimal recommends protecting that data. They also want to know what exactly it is they should be scared of: what are the top cybersecurity threats to law firms?
Given that in 2014 cybercrime incidences increased by 10.4% over 2013 numbers*, we spend a lot of time strategically advising our clients about how to protect their networks. In fact, we’ve been asked about this so many times that cybersecurity took the #1 slot in our biannual tech trends brief.
Organized hackers are seeking high-reputation and resource-rich assets. And they are targeting law firms with a vengeance because access to law firm data is hitting the data jackpot.
What are cybercriminals after when they target law firms?
- Patent and insider deal (M&A) information
- Healthcare data
- Case and/or litigation strategy information
- Confidential client business trajectory information
- Attorney-client privileged communications
- Personally Identifiable Information (PII) for employees, clients, and vendors
- Financial information, including credit card numbers and PIN numbers.
What are the top cybersecurity threats to law firms? (How are cybercriminals getting in?)
By far the largest threats to the security of law firms live within the firms themselves; not prioritizing data and network security, and having insufficient security measures and policies in place is what really makes firms vulnerable to attack.
In Cisco Systems Inc.’s 2015 Annual Security Report, law firms were ranked as the seventh most-vulnerable industry. However, many law firms don’t yet appear to appreciate that they are popular targets.
Take a look at the results from a 2013 ILTA survey and you’ll see what we mean:
- 76% of law firms surveyed did not require two-factor identification
- 72% did not issue encrypted USB drives
- 64% did not automatically encrypt content-based emails
- 56% did not encrypt laptops
- 90% did not employ any laptop tracking technology
- 64% had no intrusion prevention tools in place.
It’s precisely these kind of oversights that can lead to compromised data, and all of the repercussions therein.
What can law firms do to better protect themselves?
Make cybersecurity a top firm priority. Know that you are now the target—and that the attack can come from across the world or across the hall. Ask yourself if your security measures and policies are sufficient. (Wondering how to do this? Check out this article on crafting a successful data privacy policy.) Do your policies address system usage and access, and ways to manage change? Do they provide an audit trail for you organization? Do they dictate how to handle an employee leaving or being terminated?
Evaluate your current security elements and policies by asking:
- What do we intend to protect?
- How are these elements being protected?
- Do our policies and operations support the protection of these elements?
From comprehensive firm-wide data security policies to regular security audits, preparation is the secret weapon when battling cybercrime. And, robust security policies could keep your firm in business. A recent 2014 IBM Data Breach Statistics Report revealed the staggering financial consequences of a breach: an organization loses, on average, 29% of market mindshare due to reputation and brand damage, 21% of potential revenue due to lost productivity, and 19% of direct revenue.
A cybercrime directed at your firm can affect everything from business continuity and firm longevity to client and prospect confidence; security now deserves a seat at the partner’s table.
*The Ponemon Institute’s 2014 Global Report on the Cost of Cybercrime