Cyber attacks and data security issues are often in the news, so often that we seem to have become numb to the problem. If a lawyer or a client’s personal information is on the internet, it’s more likely than not that someone, somewhere has it. This is why law firms must take cybersecurity seriously. The internet is vast, filled with bad actors with even worse intentions, and unfortunately, it can be all too easy for them to obtain whatever information they want.
This problem becomes even larger when technologically unsavvy users are forced to enter a digital-first world like the one we currently find ourselves in due to the ongoing global pandemic. Couple that with an already weak cybersecurity posture across the legal industry, and it’s a surprise that 2020 did not wreak havoc on law firms’ cyber assets.
Breaking News: Law Firms Historically Disregard Cybersecurity
According to a cybersecurity survey in the ABA Techreport 2020, “43% of respondents use file encryption, 39% use email encryption, 26% use whole/full disk encryption. Other security tools used by less than 50% of respondents are two-factor authentication (39%), intrusion prevention (29%), intrusion detection (29%), remote device management and wiping (28%), device recovery (27%), web filtering (26%), employee monitoring (23%), and biometric login (12%).”
It’s plain to see that those numbers are pretty grim, and it can seem daunting to tackle this problem. Setting up security for an entire organization is costly and time-consuming, but there are many steps that individuals can take to make sure they are doing their part to ensure safe online practices at their firm. Let’s look at and learn from an extremely popular example of a situation that was funny at the time, but in reality, poses a big threat to law firm security as a whole.
First Came The Cat Lawyer, Next Came the Data Breach?
“I’m not a cat.” The saying was shared on social media, it was plastered all over the news, it was endlessly mocked, it brought a ton of joy — it also proved a point that many had been trying to make since the start of lockdowns. If lawyers can’t competently use a video conferencing tool, what else can’t they do?
After the admittedly silly episode occurred, it emerged that the lawyer in question had used his assistant’s computer for his Zoom call. The assistant’s daughter had allegedly set up the cat filter unbeknownst to them at the time, causing the now infamous viral video. Now, this was an honest and harmless mistake, but it goes to show how easy it can be for systems to be compromised. Let’s use this as an example to look at how individuals can bolster their firm’s cybersecurity posture on their own.
Personal Device Use or BYOD
The lines are blurring between work and personal life, but when it comes to cybersecurity for law firms — those lines need to be firm. BYOD or Bring Your Own Device policies at workplaces have become more popular over the past 10 years. According to UPenn, nearly 60 percent of employees would access company data on their mobile devices. The more devices you have connected to your network, the greater the likelihood of a breach. Using personal devices in 2021, however, can sometimes be unavoidable, so what can you do?
Attorneys can protect themselves, their firms, and their clients by ensuring that they are the only ones using their devices. When leaving your desk, simply lock your computer, phone, or tablet so you know it’s safe from any other use. You can go the extra mile and utilize your computer’s built-in biometric scanner, or purchase an external one for enhanced security. Perhaps we would not have a viral cat video if personal computer use had been kept separate from work computers?
Protect Your Passwords
Password management is the single most important item for employees to work on. There are an incredible number of password management tools available for private and enterprise use these days — and many even offer free versions! Having your sensitive data locked behind a strong password is key, and too many individuals these days reuse passwords or write them down on paper to remember. According to a Google security study in 2019, as many as 65% of people reuse the same password for multiple or all accounts.
Being diligent about not only updating your passwords periodically but also never reusing or sharing your passwords can significantly decrease your firm’s cybersecurity risk. It may sound simple to some, but others may simply not understand the gravity of the risks. That’s why the last personal step employees can take is education.
Educate Yourself and Your Team
Being vigilant about cybersecurity at your law firm boils down to educating yourself and your team about what to look out for. Taking an “it won’t happen to me” approach just won’t cut it these days. Being aware of various types of social engineering such as phishing attacks, where someone attempts to infiltrate your network by having you click on a link that delivers malware, could help you or your employees think twice about clicking a link in that odd email request. For larger firms, you can even hire companies to conduct fake attacks in an effort to educate users on what they should and should not click on.
While cybersecurity seems to be the last item on anyone’s daily to-do list, it’s increasingly important as an individual to learn how to protect yourself online. These simple steps, like not using your personal devices for work, updating your passwords regularly, and educating yourself against social engineering attacks can make a huge difference in your cyber defenses.