Make cybersecurity a priority for your law firm

By Nicole Black
BridgeTower Media Newswires

If cybersecurity isn’t on you firm’s ra­dar this year, then it’s high time you made it a priority. The risk of a breach that could compromise your law firm’s confidential client data is an increasing likelihood, especially if your firm hasn’t enacted security measures designed to counter cybersecurity threats.

This is especially so in the wake of news, as reported by the ABA Journal last month, that a Texas law firm’s data was hacked and then its data was pub­lished online. The confidential informa­tion disclosed included fee agreements and diaries from personal injury cases.

Earlier in February there were also reports that ran­somware attacks hit three dif­ferent law firms. These types of attacks occur when law firm employees receive an email that appears to be legitimate but was sent by a hacker and includes a malicious link. Once employees unwittingly click on a phishing link or a link infected with malware, your firm’s data can then be exploited.

If you’re still not convinced that cybersecurity should be a priority for your firm, then the results of the 2019 ABA Legal Technology Survey Report should do the trick. Accord­ing to the report, 26% of lawyers reported that their firms had experienced a security breach such as a lost or stolen computer or smartphone, an attack by a hacker, a break-in, or a website exploit. And 36% indicated that their law firm technology had been in­fected with a virus, spyware or malware.

If your firm doesn’t have a cyberse­curity plan in place, rest assured you’re not alone. According to the report, only one-third of lawyers surveyed (32%) re­ported that their firms had a full security assessment conducted by an independent third party.

That being said, the survey results showed that most law firms overall were taking cybersecurity issues into account, but some were implementing more secu­rity precautions than others. One popular security measure enacted by the majority of law firms (86%) was spam filters. Oth­ers included firewall software (80%), an­ti-spyware (76%), pop-up blockers (74%), desktop or laptop virus scanning (68%), mandatory passwords (68%), email virus scanning (67%), network virus scanning (64%) and hardware firewalls (52%). Oth­er less popular types of security tools used by fewer than 50% of the firms included file encryption (44%), email encryption (38%), file access restriction (38%), in­trusion prevention (34%), intrusion de­tection (32%), web filtering (25%), whole/ full disk encryption (22%) and employee monitoring (21%).

Another security measure increasingly taken by law firms is to use more secure online channels for client communication. After all, email communications and em­ployee actions are often the weakest link when it comes to law firm security, so com­municating using more secure methods simply makes sense. This is especially so in light of the issuance of Formal Opinion 477 by the ABA Standing Committee on Ethics and Professional Responsibility in May 2017. In that opinion, the Committee opined that unencrypted email may not always be sufficient for client communi­cations, especially when the information being discussed is of a particularly sen­sitive nature. The Committee concluded that in that instance, lawyers may want  to consider more secure methods of com­municating and collaborating with clients, including using a “secure internet portal.”

The good news is that in 2020 law­yers have more options than ever when it comes to securing their law firm’s sys­tems and communicating securely. In recent years, technology has improved significantly, and more secure electronic communication methods have emerged. That’s why more and more firms are choosing to use client portals to secure­ly communicate. According to the report, 29% of law firms now offer clients access to a secure client portal, up from 22% in 2017. Some of the top ways that law­yers reported that their firms used client portals include document sharing (42%), messaging and communication (38%), in­voicing and bill payment (34%), and case status updates (23%).

So if your law firm isn’t prioritizing cy­bersecurity in 2020, then what are you waiting for?

There’s no better time than the pres­ent. If your firm isn’t taking precautions to protect its data and educate employees about phishing and hacking schemes, then it could be the next firm to make the head­lines following a breach or ransomware at­tack. Don’t be that firm. Instead, take steps to secure your firm’s data and make sure that the only reason it makes headlines is for winning cases — not getting hacked.

Nicole Black is an attorney in Rochester, New York. She also is an author, journalist and the legal technology evangelist at My­Case legal practice management software.