According to a recent report by the cyber-security firm TruShield, mid-sized law firms (those between 50 and 150 lawyers) will be at the top of the list for cyber-criminals looking for an easy way to get sensitive data. The report warned, however, that “one of the most vulnerable facets in the law firms’ security are emails. Lawyers and support staff are transiting an enormous volume of sensitive information, many times through their email accounts.”
Some of the ways law firms fail to implement and maintain effective measure include:
• Set it and Forget it – Invest in a cyber-security software solution, but fail to take into account the process surrounding the software. One law firm was breached because, although it carefully researched and purchased a suitable software solution, it still had some computers on lease, and when those computers were returned to the leaseholder, they were not disposed of properly.
• Employee education – having walls in place does not help if you leave the door open. Educating employees on the risks of inadvertently opening suspicious emails is an ongoing process.
• Passwords – we can’t stress this enough. Strong passwords are only good security measures if they are used and safeguarded. Unfortunately, a good password policy may make the use of computers, tablets and phones more cumbersome. As a result, in some law firms, senior partners exempt themselves from the firm’s password policy. This opens a huge hole in the cyber-security wall surrounding the firm.
Cyber-security needs to be treated as critical business function for each staff member. In a law firm, every lawyer has a responsibility to protect the firm’s information. If your lawyers and staff believe that someone else is responsible for cyber-security, then your firm is at high risk of a breach.