Make IT

With cyber security risk on the rise businesses and organizations are scrambling to stay ahead of hackers. Law firms in particular, a hub of sensitive corporate, financial, and personal data, are in a precarious position. For example, because court filings are public record a hacker can pull attorney names and send a phishing email with a malicious attachment that purports to be an update from said attorney. Even worse, the public is well aware of this peril. The recent Panama Papers breach has garnered global attention and exposed gaping security flaws in the field of law. Cyber-criminal “Oleras” has also been in the news for targeting over 100 law firms. Among this list are some of the most prestigious in the nation.

As a law firm, your clients need to know that every provided document and digitized correspondence is protected from those with malicious intent and the public eye alike. Cyber security needs to become a competitive advantage for your firm.

Whether you’re a longstanding organization that is upgrading its system or a budding firm in the midst of building its client base you will want to make cyber security priority number one. Below we detail some of the most important steps that you can take to prepare your firm for an all out cyber attack.

5 Key Cyber Security Solutions for Lawyers and Law Firms

1. Consider Cloud Storage

Topping the list is cloud storage. Law Technology Today reports that in this year alone more law firms that ever before are expected to migrate to the cloud. The security benefits are numerous.

For starters, a reputable cloud storage provider will ensure automatic security software updates and patch holes when a system is no longer supported. The functional benefit of user-accessibility is also a key element in security. Your firm’s lawyers, colleagues, employees, and assistants need to access important data outside of the office environment. This data should not live on their laptop or mobile device as it puts sensitive information at immediate risk. The simple act of forgetting a device in a taxi or coffee shop can crush your entire firm if it gets in the wrong hands. With the cloud, assigned personnel can immediately access data without keeping it “on their person”, so to speak. And when your user no longer needs the data, it can be remotely wiped. Another big security benefit of cloud-based storage is efficient backup and robust recovery. Cloud storage is not as susceptible to destruction and loss in the event of a malicious attack. And finally, when it comes to a superior level of security, cloud storage is the most cost efficient - a very important consideration for growing law firms in particular. Important to note is the recent development of big name cloud providers that will guarantee data storage and connectivity within Canada as opposed to having to move data to a foreign country with less stringent privacy and government access legislation.

2. Configure Your Web Server to Disable Directory Listings

Web Sserver misconfiguration that allows access to sensitive directories is one of the biggest security weaknesses. For instance, the simple act of delivering a 403 HTTP status code (“Forbidden Response”) can tell a hacker that a resource does exist, providing them with a piece of the puzzle to access your law firm’s files. If your server is enabling directory listings (not that unlikely at the moment) you are extremely vulnerable to attack. Bring in an IT consultant to inspect and optimize your server configuration.

3. Consider Encrypted Communications 

According to the annual Legal Technology Survey Report (compiled by the American Bar Association’s Legal Technology Resource Center) only 35% of lawyers use email encryption. This number is even lower when it comes to other forms of communication. Email, by original design, is an open and insecure technology. Your firm should consider encryption not only for email, but for voice calling and instant messaging as well. Apple iPhone’s FaceTime and, iMessage and non-Apple messaging apps such as WhatsApp features offer end to end encryption so getting your staff and colleagues to embrace this form of secure communications is not so farfetched. While getting used to email encryption with authentication may feel cumbersome, think of it as you would a seatbelt. You wouldn’t operate your vehicle without it, nor should you operate within your firm without an analogous one in place.

4. Bring in a White Hat Hacker to Test Your Firm’s Security

Cyber Security Solutions for Law Firms | Watch out for the White Hat Hacker

As a law firm you know the importance of performing due diligence regarding a plaintiff or defendant before you’re ready to present a case. The same vigor should apply to your cyber security system. Think of it as bringing in a private investigator to test your security. A “white hat” hacker (or ethical hacker) knows the tricks of the black hat community. They specialize in database penetration testing to ensure the security of an organization’s IT systems. Not only will you (through them) uncover existing vulnerabilities in your network, you will learn to identify signs of suspicious behavior in the future.

5. Provide Cyber Security Training for Your Firm’s Employees 

Chris Vickery, a white hat hacking consultant and IT support person for a reputable law firm in Texas, stresses the importance of employee training as means to prevent security breaches:

At my law firm I worry all the time about somebody just clicking on a bad attachment. I think we’ve been very fortunate in my firm to not have suffered a large scale breach like many have because we train our users and we ram it into their heads, ‘don’t trust anything,’ even if it looks like it’s coming from somebody that you know. (via CIOdive.com)

This point cannot be stressed enough. Everyone in the hierarchy of your law firm must become versed in cyber security and understand how it relates to their day to day. The simplest of steps, such as getting colleagues to hover over (and view) emailed links before clicking them can go a long way. With this training complete, security policies that apply to in-house and remote employees alike will be put into place and a risk management mandate will be solidified.

By addressing all of the above you will not only protect your firm from the real threat of cyber attacks and cyber terrorism, you will be able to market your firm as the safest alternative for clients. Contact Make IT for cloud solutions, network security and disaster recovery. We will help you gain a security seal of approval. Wear it as a badge of honor and bring in new clients because of it.