The legal industry is not necessarily the most prepared when it comes to cybersecurity, according to a new report. ALM Intelligence research over the last three years shows:
- 2015: Law firms and law departments were far behind the curve when it came to cybersecurity preparation and response.
- 2016: Law firms were playing catch-up, and things were improving slightly as law departments were being held accountable for cyber attacks in their organizations.
- 2017: This year’s research is showing that “the state of law firm and law department cybersecurity is still fractured: many continue to struggle with managing cyber threats.”
Clients have become more demanding. 82% of law firm respondents said that their clients are requiring them to upgrade their cybersecurity capabilities.
Why hackers target law firms
While the reasons may seem obvious, especially when it comes to high-profile corporate firms, here are three reasons why hackers target law firms:
- Large firms, especially those with over 100 lawyers, are targets because of the availability of large quantities of valuable, high-quality documents. By targeting law firms, hackers can quickly access information such as technical secrets, business strategies, and financial data for numerous clients.
- By handling the important information, law firms provide a quick detour around information of little value. The information that attorneys have access to is the high-value information, which is more selective and valuable to hackers. By skipping the corporation and targeting its law firm, hackers can more easily access the high-value data.
- Data security hasn’t traditionally been a priority at law firms. Larger law firms move at a fast pace and need access to information quickly. This means law firms may have sloppy or no data security practices in place.
What can be done
- Get the lawyers on board
  - A required security video every year is not enough. Train and phish your employees and lawyers through simulated phishing attacks. Find out what percentage of your team is phish-prone and focus on those who need the most help.
- Compliance is not security
  - While certain cybersecurity tools will help you check off the necessary compliance audit questions, that doesn’t necessarily mean that you are secure. On the other hand, having a strong security foundation will help you ensure and simplify compliance.
- Find vulnerabilities…and patch them
  - Many of the front-page data breaches that you hear about are caused by known vulnerabilities that were never patched. Use a service like PREtect that will help find vulnerabilities in your system and create a patching policy that will fix them.
- Protect those endpoints
  - Antivirus isn’t enough, and Endpoint Detection and Response (EDR) may not be enough. But with the two combined in a service like PREtect with managed EDR, you can stop malware before it executes.
- Monitor, monitor, monitor
  - By using a SIEM (Security Information and Event Management) tool, you pull all the networks and systems together to create a complete picture of your infrastructure. And by having a dedicated team of experts to monitor that SIEM, you will be protected around the clock.