10.04.2020

5 ways to build a more secure law firm today

by Field Effect

Get protected, simply and easily

Keeping your law firm — and your reputation — secure from today’s cyber threats can be overwhelming.

Yet not prioritizing cyber security, or believing a cyber attack won’t happen to your firm, are the worst things you can do.

The American Bar Association (ABA) surveyed attorneys practicing in firms of all sizes for its Legal Technology Survey Report 2019, revealing that 26% have experienced some type of security breach. The report showed that consequences included consulting fees for repair (37%), downtime/loss of billable hours (35%), expense for replacing hardware or software (20%), destruction or loss of files (15%), notifying law enforcement of breach and notifying clients of the breach (9% each), unauthorized access to other (non-client) sensitive data (4%), and unauthorized access to sensitive client data (3%). Viruses, spyware, or malware had also infected more than one-third of systems.

The reality is that the right combination of cyber security tools and best practices will help you put a strong and resilient security defence into place.

Identify, protect, detect, respond, recover

The best place to start is by assessing what’s at stake and where the cyber security risks may exist in your network and operations. Do you understand the threats that may be targeting your firm right now? Have you identified the cyber risks that may lead to unauthorized access to your operations?

To help you start building a safer firm, let’s look at the National Institute of Standards and Technology (NIST) and its cyber security framework. Each day, our team of cyber analysts and experts at Field Effect helps businesses and organizations implement best cyber security practices using the NIST framework as a guideline, as well as other national-level cyber security policies. We also had a hand in shaping many initiatives, including Canada’s Cyber Security Strategy.

This year, more than 50% of U.S. businesses will be using the NIST cyber security framework as a guideline to secure their operations. The NIST framework document, downloaded more than half a million times since its publication in 2014, outlines industry standards and best practices for cyber security in an effort to help organizations understand, manage and reduce their risks through customized security measures and cyber attack response and recovery strategies.

With the five elements of NIST’s cyber security framework in mind — identify, protect, detect, respond, and recover — here are a few tips to help you start securing your law firm.

Identify your risks

It starts with visibility. With full visibility across the data, devices, computers, systems, and applications within your network, you can assess your risks and just how exposed your practice is to a cyber threat.

Identifying and assessing the risks that could impact your firm are smart elements of a proactive cyber security plan. Doing a security assessment, something our Field Effect team provides free of charge, is a good place to start. This will provide an in-depth look at your network and its behavior, and identify weaknesses, vulnerabilities, emerging threats, and anything that could lead to unauthorized access or, worse, a cyber attack.

Monitoring is another critical piece. Continual monitoring of your entire network for threats, vulnerabilities, and suspicious activity, using advanced threat monitoring and detection technology, is a must-do. This is also a helpful measure when you consider the lawyers’ duties of competency, communication, and confidentiality that are outlined in the ABA Model Rules of Professional Conduct, and require consideration of cyber security issues.

Our Field Effect Covalence threat monitoring solution provides comprehensive 24/7 monitoring with actionable alerts that can be set up in just 15 minutes.

Staying one step ahead is key. Research shows that 16% of small and mid-size enterprises (SMEs) admitted they had only reviewed their cyber security posture after they were hit by an attack.

Protect your firm

Put security safeguards and protection in place and start by educating and training employees about best security practices. According to recent data, 43% of SME employees do not get regular security training — 8% have never received any training at all.

Use strong and unique passwords and follow guidelines for safe passwords (hint: the longer the better with a mix of letters, numbers and symbols).

Secure your network with strong multi-layered security, including antivirus, a firewall, and other web protection. If one layer of security is compromised, your additional layers will ensure data stays protected. Update your software and applications regularly to reduce the risk of cyber criminals taking advantage of vulnerabilities in outdated software versions. And always back up your network data using automated backup and recovery software to keep it safe and accessible.

Detect new risks and threats

The ability to identify and detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks.

Yet, the ABA’s Legal Technology Survey Report 2019 showed that 19% of respondents did not know whether their firm has ever experienced a security breach. Another study revealed that more than two-thirds (69%) of SMEs haven’t documented or identified cyber security threats.

Automated, 24/7 monitoring of your network provides multiple advantages to building safer operations. It will help you stay ahead of the threats and risks that exist in your network, but also identify where you need to invest in security measures.

Our Covalence threat monitoring solution provides sophisticated, purpose-built monitoring capabilities, as well as automated alerts and summaries that prioritize immediate risks and measures that may be needed down the road, allowing you to better plan and budget cyber security. We call these AROs — Actions, Recommendations, or Observations — and they help law firms just like yours continually improve their security health. The best news is that Covalence is designed to be simple to use and manage, providing threat information you can easily understand and take action on.

Respond to threats

Law firms must have the ability to respond to cyber incidents and minimize the impact to their operations.

Many firms may be too busy to tackle cyber security planning, and this includes ensuring they have steps in place to respond to or manage a threat — or what the cyber security industry calls “incident response” — but this one step can help you get back into operation sooner, save your reputation, and avoid or reduce fines. This isn’t just an issue for smaller firms — in its Annual Law Firm Survey 2019, PwC showed that among the UK’s top 10 and top 11-25 firms, 40% had no executive-level risk ownership when it came to cyber security.

In a U.S. survey among SMEs, nearly half, 48%, said they have no response plan for a cyber incident.

Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data?

Recover from an attack

Effective recovery from a cyber attack is critical to restore your capabilities and any services impacted. There must be a plan in place to coordinate the activities required — including recovery of systems and data, and investigation into the attack and breach to understand how the attack happened and to help improve security in the future.

If you don’t have a recovery plan in place or don’t realize the steps to take, you’re not alone — data shows that 43% of SMEs do not have a recovery plan for a cyber security incident.

With the ABA Model Rules of Professional Conduct in mind, communications to clients and other third parties must also be part of your plan — and critical if confidential client data was compromised.

It’s important to know and follow the right steps for recovery following a cyber attack — and also understand how the attack happened so you can prevent another attack in the future.

Start securing your firm today with a free cyber security assessment

There is no time to waste. Prevention is your best defence. We can help. Easily. Simply.

Contact our cyber security experts today for a free 30-minute security assessment and start identifying your risks.