By Jessica Grayson and Gina F. Rubel, Esq.
In 2019, law firms across the country reported data breaches via external breaches and phishing, device theft, insider wrongdoing, ransomware, and other means. The number of cyber incidents skyrocketed in 2018 and is continuing to rise. Much like the illegal opioid industry, cybercrime is a business with an expected cost of $2 billion dollars in 2019.
Did you know that 75% of ransomware attacks have caused business downtime and 97% of IT pros report that ransomware attacks against businesses are occurring more frequently? This is likely to increase exponentially.
Because of the staggering statistics, law firms and their executives must be prepared for a cyber-attack. Mitigating risks associated with cybercrime is not just an IT function; all firm departments play a role in safeguarding data and protecting information. Marketing and Business Development professionals should be involved in data security initiatives from inception. Communicating the firm’s cybersecurity plan to clients and potential clients is crucial and marketing professionals should be able to speak the same language as our clients – and to vendors when selecting new software or systems. Internal communications are equally important so that everyone understands their role in preventing data breaches.
Here are 30 cybersecurity tips for your law firm:
- Make cybersecurity a priority.
- Recognize the risks.
- Identify your cyber-incident response team (Hint: It’s not just I.T.).
- Have a cybersecurity incident response plan including a business continuity plan and communications plan. (Don’t forget to COMMUNICATE that plan.)
- Update your relevant policies regularly. (Think BYOD and beyond – proper shredding and disposal policies are also key factors in keeping data secure.)
- Conduct risk assessments and table-top exercises just like fire drills.
- Audit your insurance policies and make sure you have cyber insurance.
- Consider banking bitcoin.
- Institute and test your records retention policies.
- Back up, back up and back up. Then back up some more. But, be sure that you know where your backups are and that they are handled within your firm’s records retention policy.
- Use encryption software.
- Don’t allow staff to use public WiFi without a VPN.
- Make sure your firm’s software is updated regularly.
- Regularly run antivirus and malware programs.
- Use caution when traveling and using firm WiFi devices – and don’t name your network after your firm.
- Conduct phishing tests and reward positive behavior like the reporting of potentially harmful emails. In fact, you may want to set up an email address such as “email@example.com” so all such emails are processed carefully.
- Educate everyone in the firm on email red flags.
- Use multi-factor authentication on your email and don’t complain about it.
- Require third-party partners to carry cyber insurance and to comply with your firm’s security procedures including multi-factor authentication.
- Include your third-party partners in your law firm’s cybersecurity testing (table-tops, pen testing, phishing tests).
- Require attorneys and professional staff to use password best practices (more than 21 characters or change regularly).
- Require attorneys and professional staff to use secure passwords and not to reuse passwords.
- Educate attorneys and professional staff about cybersecurity and test your systems regularly.
- Use a password manager such as 1Password or LastPass.
- Update your software and apps regularly.
- Do not use pirated software.
- If it looks suspicious, it is. Hover over all links before clicking to see if the link is legitimate.
- Check your credit annually and your credit card and banking statements regularly.
- Check to see if your information has been compromised on the Dark Web and how unique you are on the web aboutmyinfo.org.
- Be disciplined with emails, texting, laptops, smartphones, desktops, wireless environment.
- ABA Cybersecurity Handbook
About the authors: Jessica Grayson is the chief business development officer of Phillips Nizer LLP and Gina Rubel, Esq. is the founder and CEO of Furia Rubel Communications, Inc.