
The Importance of Cybersecurity Standards With Law Firms  


(September 18, 2020)--Legal services are founded on confidentiality and privacy, and the attorney-client relationship is based on them. The profession relies heavily on information and knowledge. With lawyers having access to highly sensitive information, from intellectual property to trade secrets, protection of this information is paramount. Regardless of the kind of information law firms have access to, many law firms either do not prioritize cybersecurity or cannot afford it. For this reason, law firms have become targets of cyberattacks.


Alec Light provides IT services in Fort Myers with ITNS. Alec shares insights on how law firms can protect client information with proper cybersecurity solutions.

Cases of cyberattacks against businesses have been rising worldwide, affecting both small and large companies, making cybersecurity mandatory in law firms. Small law firms are often targeted by hackers because these firms believe that they are very unlikely targets of cyberattacks and often do not have the necessary infrastructure in place to protect themselves. With these attacks becoming more frequent and sophisticated, it’s vital that law firms of all sizes be aware of them and have data protection procedures and policies in place to help counter them. According to a survey carried out by the American Bar Association in 2018 on law firms investigating data breaches, the following was reported:

  • 23% of responding firms had suffered from a cyber breach at some point. This is compared to 22% in 2017, 14% in 2016, 15% in 2015, 14% in 2014 and 13% in 2013.
  • The number of cyberattacks increased with increasing firm size, ranging from 14% of solo firms, 24% of firms with 2-9 attorneys, and 42% of firms with 50-99 attorneys to 31% of firms with more than 100 attorneys.

According to the ABA Legal Technology Survey Report of 2016, 62.8% of law firms with more than 500 attorneys and 30.7% of all law firms reported that potential and current clients specify security requirements as part of their client agreement. Other firms also reported that their corporate clients wanted access to the firm’s cybersecurity plans and requested that the firm implement prevention policies.

Data Regulations

The government does not directly regulate the cybersecurity practices of law firms. However, the nature of the information that may be made available or transferred as part of the lawyers’ representation requires law firms and attorneys to comply with cybersecurity standards. The professional obligation of confidentiality requires lawyers to promote and protect data security, maintaining a healthy and trustworthy attorney-client relationship and thereby securing access to justice.

Law firms should implement a layered defense to counter cyberattacks. The following are some key defense mechanisms:

  1. You Should Keep Your System Software Updated: System updates help fix network vulnerabilities identified by the developer. Therefore, it is essential to ensure that your systems are updated continuously and that remote users have also updated their software.
  2. You Should Use Secure Internet Connections: With most employees working remotely, it’s vital to ensure that the internet connection used is not unsecured public Wi-Fi and that it is protected through a Virtual Private Network (VPN).
  3. You Should Use Secure Web Browsers: Remote workers should ensure that their web browsers always:
    • Be updated
    • Have pop-up and ad blockers and endpoint security solutions enabled
    • Have a content filter feature enabled
  4. You Should Implement Data Backup And Recovery Solutions: Cloud-based computing services offer secure data storage and backup solutions. With cloud-based backup solutions, your firm can quickly recover data and restore operations in the case of a data breach.
  5. You Should Encrypt Sensitive Data: Encryption of sensitive data stored on tablets, computers, laptops, and mobile devices will ensure that only authorized persons who have the encryption key or password have access to the information.
  6. You Should Secure Mobile Devices That Store Data: Storage devices such as flash drives, thumb drives, and USB sticks should be frequently scanned, encrypted, and used with extreme caution, since they can easily be infected by malware that is then transferred to the system when they are plugged in.
  7. You Should Implement Strong Username And Password Management Along With Multi-Factor Authentication: Implement strong password and username requirements. Your system password shouldn’t be predictable and should include a combination of uppercase, lowercase, digits, and symbols. It is also advisable to change your passwords regularly, at least every three months.
  8. You Should Have Cybersecurity Liability Insurance: Your law firm should assess its system to determine the firm’s risk of cyberattacks and take out adequate cyber insurance as part of its overall cybersecurity risk mitigation strategy. This can help you cover the costs related to a data breach, including privacy breach, notification expenses, litigation, loss of income, regulatory fines and penalties, and other expenses.
  9. You Should Train Your Employees On Cybersecurity: In most cyberattacks, employees are the weakest link in your system’s security. Therefore, security awareness training for law firm employees and staff is essential.

In these unprecedented times, stakeholders of the legal profession are trying their best to navigate their way around the COVID-19 pandemic. With most law firms forced to operate remotely, it’s vital to implement and install the necessary security measures to prevent cyber-criminals from exploiting this vulnerable situation.

To better protect their clients’ sensitive information and maintain privacy in an increasingly digital world, lawyers and law firms should implement cybersecurity standards appropriate for their practice needs.