(September 18, 2020)--Legal services are founded on confidentiality and privacy, and the attorney-client relationship is based on it. The profession significantly relies on information and knowledge. With lawyers having access to highly sensitive information from intellectual property to trade secrets, protection of this information is paramount. Regardless of the kind of information law firms have access to, many law firms either do not prioritize cybersecurity or cannot afford it. For this reason, law firms have become targets of cyberattacks.
Alec Light provides IT services in Fort Myers with ITNS. Alec shares insights on how law firms can protect client information with proper cybersecurity solutions.
Cases of cyberattacks against businesses have been rising worldwide, affecting both small and large companies, making cybersecurity mandatory in law firms. Often small law firms are being targeted by hackers because they believe that they are very unlikely targets to cyberattacks and often do not have the necessary infrastructure in place to protect themselves. With these attacks becoming more frequent and sophisticated, it’s vital for law firms of all sizes must be aware and have data protection procedures and policies in place to help them counter these attacks. According to a survey carried out by the American Bar Association in 2018 on law firms investigating data breaches, the following was reported:
- 23% of responding firms had suffered from a cyber breach at some point. This is compared to 22% in 2017, 14% in 2016, 15% in 2015, 14% in 2014 and 13% in 2013.
- The number of cyberattacks increased with increasing firm size, ranging from 14% solo firms, 24% firms with 2-9 attorneys, 42% firms having between 50-99 attorneys, and 31% of firms with more than 100 attorneys.
According to the ABA Legal Technology Survey Report of 2016, 62.8% of law firms with more than 500 attorneys and 30.7 % of all law firms reported that potential and current clients specify security requirements as part of their client agreement. Other firms also reported that their corporate clients wanted access to the firm’s cybersecurity plans and requested prevention policies to be implemented by the firm.
The government does not directly regulate the cybersecurity practices of law firms. However, the nature of the information that may be made available or transferred as part of the lawyers’ presentation requires law firms and attorneys to comply with cybersecurity standards. The professional obligation of confidentiality requires lawyers to promote and protect data security for a healthy and trustworthy attorney-client relationship with their clients and thereby secure access to justice.
Law firms should implement a layered defense to counter cyberattacks. The following are some key defense mechanism:
- You Should Keep Your System Software Updated: System updates help fix network vulnerabilities identified by the developer. Therefore, it is essential to ensure that your systems are updated continuously and that remote users have also updated their software.
- You Should Use Secure Internet Connections: With most employees working remotely, its vital to ensure that the internet connection used is not unsecured public Wi-Fi, and it is protected through a Virtual Private Network (VPN).
- You Should Use Secure Web Browsers: Remote workers should ensure that their web browsers must always.
- Be updated
- Have pop-up and ad blockers enabled and end-point security solutions
- Have a content filter feature enabled
In these unprecedented times, where stakeholders of the legal profession trying their best to navigate their way around the COVID-19 pandemic. With most law firms forced to operate remotely, it’s vital to implement and install the necessary security measures to prevent cyber-criminals from exploiting this vulnerable situation.
To better protect their client’s sensitive information and maintain privacy in an increasingly digital world, lawyers and law firms should implement cybersecurity standards appropriate for their practice needs.