This two-part series explores how information security enables and helps expand your practice by utilizing available cloud resources. Part one explores the changing business environment and the need to collaborate in a simpler, controlled and secure way. Part two discusses the technology changes, the risks of using technology and how to mitigate these risks.
A Shifting Legal Landscape
Law firms are not immune from cyber attacks; in fact, they increasingly are targets. More sophisticated cybercriminals access confidential information through email phishing, malware attacks and more. In 2015, law firms were the seventh most frequently targeted sector, representing a 50 percent increase from the prior year in the likelihood of suffering an attack.
The FBI issued Alert Number 160304-001: "a financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information."
These attacks may take place across cyberspace, but they have several very real consequences for a law firm’s reputation. Protecting your firm's systems and clients' information against these threats protects your reputation, fulfills your ethical obligations to maintain client confidentiality and helps secure your position in a changing business environment.
Myth: Only large or international firms are targeted by cybercriminals.
Just as lawyers physically hold many secret client documents, lawyers' systems hold the confidential data of many clients. Though larger firms certainly have a greater volume of data to steal, firms of all sizes contain a treasure trove of potentially lucrative information, including:
- Insider deal information about mergers and acquisitions
- Information related to patents, intellectual property and trade secrets
- Documents about confidential corporate deals and clients' finances
- Litigation strategy information and evidence pertaining to litigation
- Attorney-client privileged communications of a sensitive nature
- Personally identifiable information for staff and clients, including financial information and credit card numbers
According to the American Bar Association, in 2015 nearly one out of four law firms with more than 100 lawyers experienced a data breach of some kind and 15 percent of all law firms experienced unauthorized intrusions into their digital files. These figures are only growing.
Myth: Implementing security measures adds complexity to simple tasks and interferes with business operations.
In reality, failing to implement appropriate security measures adds complexity and costs to your business. Not securing your data jeopardizes your compliance with the ethical rules of the legal profession, interrupts business operations when a breach occurs and threatens your future competitive position through losses in reputation. Data breaches cost an average of $7 million in expenses to recover data, identify the extent of the cyber attack, notify the affected parties and government agencies, and rectify any damages. There are also less tangible costs from losses in productivity and trust.
Myth: Passwords securely protect your information.
Passwords may offer protection from casual snooping, but they present little resistance to many cybercriminals. Most data breaches occur because an employee inadvertently provides access by clicking a link in a phishing email or through similar means. Once password protection is breached, your data and systems are exposed.
Even when you train your employees not to respond to email phishing and similar attacks, sophisticated hackers can crack all but the most complicated passwords surprisingly quickly. A fast computer can try millions of combinations per second and most passwords are simple. If you insist on complicated passwords, employees are forced to write them down because they can’t remember them and you create a new source of risk.
In any case, you have to keep a record of login credentials somewhere on your system, and this location will be a prime target of hackers. They don’t have to bother trying to crack individual passwords if they can get a complete list of user names and passwords. Existing security measures such as passwords no longer provide adequate security, and new methods are required to secure your information in the new business environment. For more on how to protect your data, check out Part II, “Protecting Client Confidentiality to Meet Ethical Obligations.”
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, not cloud providers, not government agencies, and not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask