Cybersecurity for Law Firms
We hear about the big data breaches in the news because they affect so many people – breaches at Target, Home Depot, JPMorgan and elsewhere compromised the accounts of hundreds of millions of customers in just the past few years, costing billions of dollars in damage.
These larger events can obscure the fact that smaller businesses are affected in less headline-grabbing cyber crimes literally all the time. According to studies conducted by IBM’s “Cost of Data Breach Study,” there are 1.5 million cyber hacks every year, with businesses being attacked nearly 17,000 times a year – essentially once every 20 seconds or so.
Law Firms Fall Victim to Cyber Criminals as Well
While we think of sensitive customer data such as social security numbers and financial information being at risk in data hacks, that is just one of the many risks that law firms face with regard to cyber attacks. Other threats include:
- Litigation Strategy: Your work of course contains attorney-client privileged information and attorney work-product, which can contain legal arguments, damaging information, and other strategies you don’t want revealed to the other side.
- Client IP / Trade Secrets / Non-Public Info: Oftentimes, law firms handle confidential information on behalf of clients such as designs for new products, formulas and algorithms, business plans, and sensitive financial forecasts.
- Client Employee Information: When you represent a business or owner, you may also have sensitive information in your files relating to employees, e.g. personal and financial info.
Be Proactive About Protecting Your Data
With this much at stake, even small firms and solo attorneys need to take their data security responsibilities seriously. Here are a few tips that attorneys can use to improve their cybersecurity:
- Keep Close Tabs on Use of File-Sharing Software: Applications like Google Drive and Dropbox have become useful tools for firms to share large documents and files and give attorneys and others the ability to access them outside of the office. But when employees and third parties are given access to firm files, it is important to keep track of those parties’ access to files to only those files that should be shared. And when the relationship ends with an employee or third party, it is critical to take care to end all access to sensitive files.
- Beware of the “Internet of Things”: It used to be that the main access points to firm files were through hard copies, the firm’s server and/or email. Thus, keeping tabs on hard files, laptops, and blackberry devices was often sufficient. Now, employees and third parties bring in all kinds of internet-connected devices: smartphones, tablets, and other devices equipped with cameras, scanners, recording equipment and other data-storing devices, all of which can be connected to the internet through wi-fi or cellular transmission. Take steps to make sure your sensitive information is not flowing out through these devices.
- Encrypt Devices: By encrypting your devices, you will make it harder for criminals to hack into them if they are stolen or lost.
- Enforce Password Strengthening Measures: Even in this day and age, many attorneys and support staff, who are otherwise quite tech-savvy, continue to use easily hackable passwords. Require that all employees and attorneys use secure, strong passwords on all devices.
At Rocket Docket, we help law firms and solo attorneys become more efficient in their practices. Contact us today to see what we can do for you.
BACK TO ARTICLES