Cyberattacks: Your Firm is Not Immune
Reports seem to be coming out daily of security breaches, ransomware heists, and super viruses. Though many hackers tend to focus on larger corporations because the payout is good, everyone everywhere is vulnerable. Small firms are repositories of sensitive client information as well: personal information, wills, trusts, and more.
There are currently fifteen Chicago law firms involved in a class action lawsuit where the plaintiffs claim their personal information was at risk. Not breached or hacked. Just at risk due to the inadequate cybersecurity utilized by those law firms. The high-profile Panama Papers scandal back in 2015 is an excellent example of a data breach. 11.5 million documents of private client information were leaked from Mossack Fonseca, a law firm in Panama.
According to The National Law Review, lawyers need to be doing a lot more to secure their firm’s legally protected client information. Security issues can have significant consequences such as the steep price of repairing any damages, violation of ABA Model Rules, and loss of practice reputation.
As always, the solution is to solidify your cybersecurity by utilizing Security Awareness Training. The quickest way in for hackers is through the daily activities of your employees: email. Malware often penetrates a system via an email that impersonates a known contact and includes a link or attachment. The employee opens it, and voilà, all of your firm’s personal and client information is accessible. Unprotected Wi-Fi and remote desktop applications are also a risk. Information on cell phones or other mobile devices is a risk. Even an infected USB drive can compromise an entire firm. Speaking of devices, law firms need to understand that discarded devices are also a risk! A few years ago, a company returned a leased copier, not realizing that the copier contained contact and personal information, including the health records of 344,000 people.
It’s a good idea to do routine housekeeping of your firm’s digital data. Make sure all software remains up to date, consider using encryption software, and utilize two-factor authentication. Develop a backup plan should the worst happen so your firm knows what to do. Be compliant with your state’s breach notification law and ABA rules, and get the word out yourself before someone else does. Include the steps your firm is taking to rectify the situation.