Cybersecurity threats are a major concern, and they affect everyone from multi-billion dollar corporations to unsuspecting personal email users. Email hacks, data breaches, ransomware attacks – the list never ends. Luckily, you can move your law firm out of the line of attack and protect it against threats by putting effective measures in place, so you reduce lost billable time, protect your sensitive information, and defend against attackers seeking your clients’ valuable data.
We get it.
You didn’t sign up to be a tech expert when you became a lawyer, but running a modern law firm comes with the responsibility of protecting your firm and client data however possible. According to the ABA’s 2018 TECHREPORT, 23% of survey respondents reported that their firm had experienced a security breach at some point. And that number is rising.
Now – more than ever – it’s critical to have cybersecurity measures in place.
To many firms, the thought of having to add cybersecurity to a long to-do list is overwhelming. And though there are many things law firms must consider when it comes to cybersecurity threats, we want to call attention to the 4 biggest and most common ones you may encounter and share how you can protect against them.
By addressing these 4 cybersecurity threats and taking action against them, you’ll be able to protect your firm and your clients from the vast majority of attacks.
Cybersecurity Threat to Law Firms #1: Phishing Attacks & Data Breaches
Many lawyers believe that cyber breaches happen because hackers deliberately break their way into your law firm’s system. But the truth is, 91% of all successful data breaches actually begin with a spear phishing attack.
In simple terms, phishing means that someone on your team is tricked (or “phished”) into handing the attacker the keys to the castle so they don’t even need to break in.
There are a few different types of phishing and each works a bit differently. With “classic phishing,” you’ll receive a legit-looking email from a familiar company like Amazon. The email might say something seemingly harmless and normal like, “Your order will be canceled if you don’t click this link to confirm.”
Since the email looks legitimate and creates a sense of urgency, many people are inclined to click on it without giving it a second thought. Consequently, when someone clicks that harmless-looking link, it can provide the phisher full access to a law firm’s email system, sensitive client data, virtual private network (VPN), and other systems. Worse yet, it also enables attackers to install malware that gives outside users a backdoor into your systems.
This could result in client data being taken, leaked, sold, or ransomed.
Another form of phishing, “spear phishing,” is when the phisher makes the email look like it’s coming from someone within your company. They’ll do something that's easy to miss, like carefully changing a letter or two within a familiar email address. With frequent communication and exchange by email throughout the workweek with colleagues and clients, a request to transfer funds or send information may not be out of the ordinary.
If you think you can trust your spam filter to protect your team from these emails, think again. Unfortunately, 10-15% of phishing attacks typically make it through these filters – landing straight in your inbox.
How to Protect Your Law Firm From Phishing Attacks & Data Breaches
Are you wondering how vulnerable your firm is to phishing attacks and data breaches? Luckily, there’s a way to test. We’ve partnered with KnowBe4 to provide lawyers with the cybersecurity awareness training they need to prevent a phishing attack on their firms.
Through KnowBe4’s simulated phishing tests, you can “phish” your users and see how they perform. Once you have the results of your phishing tests, KnowBe4 will provide you with training you can share with your most vulnerable employees to prevent issues from truly happening.
Learn more about the phishing test and sign up to try it for free here.
Cybersecurity Threat to Law Firms #2: Weak, Insecure Passwords
You’ve heard it before, but I’ll say it again: You need secure passwords.
And not just you, but every person who has login credentials of any kind within your law firm. Everyone must use strong, secure passwords. Many lawyers are still using passwords that are too easy to guess like, “TheirLastName123” or the dreaded, “password,” which is still the #1 most commonly used password. Yikes.
It’s important to note that – even if your firm is using secure passwords – there is still the risk of those passwords being exposed if they’re being used for multiple websites.
Let’s say, for example, that Target has a data breach. If your employee has been using the same password they use for their work logins as they do at Target, then that means the attackers now have a password to your firm. In other words, they can try out these Target login credentials on other websites you use at your firm (like Office365 or Google) until they get a hit.
How to Protect Your Law Firm From Weak Passwords
Educate your users and implement a formal password policy. That is your simplest and best defense against insecure passwords.
Many lawyers/attorneys don’t see the problem with using the same password for multiple websites. Perhaps it’s what they’ve always done with less sensitive data – or they haven’t experienced a threat (yet).
If you don’t already have a password policy for your law firm, then it’s time to create one that requires employees to use a unique password that they won’t use anywhere else. And if employees complain that they can’t remember their secure password – and you want to avoid the old password-sticky-note-on-the-computer trick – consider using a password management tool like LastPass or 1Password.
Enabling two-factor authentication adds another level of security. You’ve probably seen this when logging into your bank or other secure account on a new device.
With two-factor authentication, you’re prompted to enter an additional code to access your account. That code is either texted, emailed, or generated by an app on your phone. This simple and often completely free security measure can drastically improve your law firm’s security.
Cybersecurity Threat to Law Firms #3: Out-of-Date Software
Those pesky updates we all like to postpone for our operating systems and software aren’t just for adding new features. They’re also important security measures that many companies don’t even consider. Updates may seem like a nuisance, but they actually contain critical security fixes that patch the vulnerabilities in your existing system, ultimately making it stronger and less prone to cyber attacks.
An example of a cyber attack that targeted out-of-date software is the 2017 WannaCry ransomware attack. This attack targeted computers running on older and out-of-date versions of the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. Although Microsoft had already patched this particular security vulnerability, many users had not yet updated their operating systems and thus were susceptible to the attack.
In the UK, this ransomware attack cost the NHS (the UK National Health Service) $120 million because so many of their PCs were running old and outdated versions of Windows. The medical records of millions of people were exposed, doctors were forced to turn patients away, and surgeries had to be canceled.
All this could have been prevented by simply having the computers used by NHS employees running on the most up-to-date version of Windows.
How to Protect Your Law Firm From Out-of-Date Software
Luckily, addressing this risk is pretty straightforward.
Make sure all the devices connected to your network have the latest updates installed. In other words, stop ignoring those “it’s time to update” notifications!
Keep an eye on other systems – even if they aren’t sending you notifications yet – and update any devices connected to the network, even ones that aren’t in regular use.
Why is this important?
We were once hired by a law firm that had a security breach. They couldn’t figure out how the attacker got access. After searching, we eventually traced the point of entry to an old computer in the closet that was rarely used yet still plugged in and connected to the network.
Any device – even ones not regularly used – can provide an entry point to your entire tech system. That's why it’s crucial to keep all devices current.
All our Freedom Factory® Legal Pro packages include remote, automatic, in-the-background monitoring, management and updates to your tech system so you don’t have to worry or spend extra time figuring it out. Our system handles what we do best – our specialty – so you can get back to yours.
Cybersecurity Threat to Law Firms #4: Unreliable Backups That Can’t Be Recovered Quickly & Easily – Or No Data Backups At All
Your final line of defense in case of ransomware or lost data is a good backup that can be restored quickly. Believe it or not, many law firms fall into the trap of using physical hard drives for their backups.
This not only costs time and money, it is also neither reliable nor secure. What if something were to happen to that hard drive? What if it got damaged somehow? What if it were stolen or lost?
Even if nothing happens to the hard drive, what if some other tech disaster strikes and you actually need to restore your backup? This is a process that can easily take days. How much money would losing billable time for a full week cost your law firm?
You need a backup that’s secure, and one that makes sure you can get back online quickly and easily in hours or minutes – not days or weeks.
Life happens. Disasters happen. Be certain that you’re covered and your data is protected through fire, flood, break-in, hack, human error, hardware failure, or any other tech disaster you can think of.
How to Protect Your Law Firm From Unreliable Backups
First and foremost, stop relying on someone to take the backup hard drive home. Instead, take a modern approach to data backup and disaster recovery by saving a complete, instantly-bootable image of your hardware rather than a file-by-file copy.
The best way to do this is to work with a cloud-based IT support and tech advising company specialized in law firms like FeatherShark. Instead of relying on the old-school hard drive backup approach that can leave your firm down for days while it’s restored, move to a more modern solution. With some of our systems, we can have clients back up and running in as little as 30 minutes.
That’s substantially less billable time lost for you and your lawyers in the case of an attack.
Cybersecurity That Makes Sense for Law Firms
It is possible to get carried away with cybersecurity measures and lock things down so tight that no one can get any work done. FeatherShark can help you find the right balance between productivity and security.
We take a leaner, lighter, simpler approach to cybersecurity that sets you up with a solid defense against the most common threats. That’s not to say something will never happen – and that’s exactly why you must have a good backup that is quick and easy to restore. In the case of extreme events, there is cybersecurity insurance that will protect your firm so there is no need to operate like Fort Knox every single day.
Will Your Team Take The Bait?
While you’re assessing the risks that exist in your law firm, why not put your team to the test to see how they’ll do in a real-world simulated phishing test via our partner KnowBe4? Click here to learn more and see how your team performs!
What Our Clients Have Said About Their Transitions to the Cloud with FeatherShark’s Help
“I know a lot of law firms have had problems letting go of tangible tech like servers. But FeatherShark has this motto to spend less money on hardware and invest in cloud options. And it’s absolutely worth doing…
I mean, everything that we have is now on the cloud. Having that is great because we can access our office anywhere on the planet. And FeatherShark made that happen for us.”
“Rather than making us spend more money on high-end items we didn’t need like our last IT firm, FeatherShark has better solutions…
Their idea is to simplify things and spend less money on hardware and instead invest in Cloud options.”
“It’s not unrealistic to say FeatherShark has had an impact in everything we do at our practice because they’ve helped us standardize our tech systems for email, calendars, data storage, management, and software by putting it into the Cloud…
Thanks to them, we’ve been able to run our firm 10X more efficiently.”
“Thanks to FeatherShark, I’d say we’re better technology-suited than a lot of other competitors our size because of the tech systems in the Cloud they’ve set up for us…”
Think a transition to cloud technology might be right for your law firm?
Then get started by scheduling a complimentary “fast track your law firm’s tech to the future” strategy session so we can discuss where you are at now with your tech and explore opportunities to upgrade your firm to the Cloud. You can schedule your strategy session here.