It’s not surprising that law firms are a valuable target for bad actors when you consider the kind of information they deal with—from non-public intellectual property to mergers and acquisitions, law firms are an absolute treasure trove for hackers. In fact, it is estimated that 25% of all law firms practicing in the United States have experienced at least one data breach. And while law firms are increasingly focused on cybersecurity, especially following prominent law firm breaches and the well-known leak of the Panama Papers in 2016, many law firms have not yet comprehensively addressed the issue.
Although the majority of law firms invest in penetration and vulnerability testing and have a password management tool in place, fewer than half have implemented top-weighted cybersecurity protocols such as multi-factor authentication, or have the staff to address these issues. With clients expecting secure data practices from their law firms, the legal industry must start to take a comprehensive approach to cybersecurity when it comes to protecting client information.
Here are five things every law firm should know when it comes to cybersecurity:
1. Comprehensive cybersecurity starts from the top.
Senior partners should take a leadership role in developing a culture of security in a law firm. As a law firm establishes cybersecurity protocols and procedures, it should ensure that senior partners are involved every step of the way, alongside associates and administrative staff, to set the example.
2. Cybersecurity is an ongoing process.
Each law firm will have different requirements when it comes to cybersecurity—there’s no one-size-fits-all solution—but one thing they all have in common is that cybersecurity is an ongoing process. Technology is constantly changing, which means our approach to cybersecurity must change too. Law firms should hold regular employee training and stay aware of new tools and services that may require their internal processes to evolve.
3. Have an incident response plan in place.
Fewer than a third of all law firms have an incident response plan in place. Incident response plans lay out everyone’s role in a law firm and their responsibility in the event of a breach; these plans are critical for mitigating damage—financial, reputational, and otherwise. A strong incident response plan should be easy to implement, include regular training, and involve organization-wide coordination and communication.
4. Hold your third-party vendors to the same standards as you hold yourself.
When it comes to third-party vendors, law firms should make sure that any companies they do business with have the same standard of security as they do, if not higher, so that companies handling your and your clients’ data won’t put it at risk.
5. Your biggest risk is email.
According to a recent article in the National Law Review, email is still considered the standard method of business communication for law firms; however, it is also considered the biggest risk. 95% of all malware and breaches begin with email. Given this risk, law firms should consider moving to other methods of communication—such as secure communications platforms that ensure confidentiality, compliance and ephemerality at the same time.
At Vaporstream, we believe that law firms should be able to communicate privately no matter what. Our multichannel communications platform:
• protects your information and attachments every step of the way, even after they leave your device, ensuring your communications remain confidential and leak-proof
• provides an alternative means to communicate when your network is compromised or when email is simply not the appropriate channel
To find out how we can support your cybersecurity efforts, download our datasheet here.
Contributor: The Vaporstream Team