As an attorney, privacy is critical to maintaining your client relationships. But a growing risk threatens to impact those relationships—cybercriminals, also known as hackers. A data breach is not only detrimental to your current clients, but could echo for years to come, potentially crippling your firm’s reputation and destroying your business.
Are you prepared for an attack? Does your firm have a comprehensive cybersecurity strategy in place? With October designated National Cybersecurity Awareness Month, now is the ideal time to evaluate and update your current cybersecurity practices.
If you have questioned whether your firm is at risk, it is. Law firms are extremely attractive targets for hackers, primarily due to the wealth of sensitive and financial client information they possess. It’s no longer a matter of if your firm will be targeted, but when. And, attacks continue to rise—since 2011, at least 80 percent of the biggest law firms have been hacked. According to the ABA’s 2015 Legal Technology Survey Report, about 15 percent of respondents overall reported that their firms had experienced a security breach at some point.
With this in mind, it’s easy to understand why clients have become increasingly concerned about a breach. Not only that, there’s more legal pressure than ever for law firms to protect their data. In fact, The State Bar of California issued a formal opinion on the topic, stating that, “An attorney’s duties of confidentiality and competence require the attorney to take appropriate steps to ensure that his or her use of technology in conjunction with a client’s representation does not subject confidential client information to an undue risk of unauthorized disclosure.” More recently, even the FBI and the U.S. Secret Service have stepped in to warn law firms of their risk.
Know What to Look For
Though every organization has unique security challenges, there are a few common threats all law firms should be aware of. Knowing what to expect can help you better protect your firm and mitigate cyber risk.
Every day, nearly one million malware threats are created and released. The most dangerous form of them all? Ransomware. In this type of attack, hackers infect your computer, encrypt the files, and demand a ransom to regain access—sometimes requesting as much as $10,000. You can easily spot this type of threat as you will be denied access, and the hackers will prevent you from using your computer as you normally would. As a law firm, the impact on your business could be catastrophic. Even if you pay the fee, chances are your firm will never see those files again.
Web Application Infiltration
Web applications are a key target for cybercriminals, and for good reason. Web applications typically contain valuable data, such as personal information, financial data and intellectual property. SiteLock’s research, in partnership with faculty from the Wharton School of Business, shows that websites with a high number of features are 12 times more likely to be hacked. Though sites with multiple features may be beneficial to clients, they can also pose a major threat without the proper security solutions.
Spear phishing has become one of the most common threats to law firms, and it’s easy to understand why. This twist on phishing is a targeted email attack aimed at a specific organization or individual. An individual is tricked into clicking on a malicious link or downloading a malicious attachment. If they click – more than 30 percent of people do – hackers use this to gain access to sensitive internal information, such as client data and trade secrets. Because the email message appears to come from a reputable organization, it’s important to be wary and confirm the sender is a real, trusted source.
Do Your Due Diligence
Despite the increase in threat level, there are a few steps you can take to protect your firm from an outside attack.
- Recognize if Your Website is at Risk
Websites are a common entry point for hackers, and in one year alone, more than 760,000 websites were breached. Yet only 6 percent of website owners use proactive solutions to monitor their website for suspicious activity. Even if your firm already has traditional virus scanning applications and endpoint security solutions, these tools are not designed to detect and counter web-based cyber threats and malware.
- Take a Different Approach
A recent independent report commissioned by SiteLock found that endpoint security solutions miss more than 90 percent of web-based malware. Relying only on endpoint security solutions may increase the likelihood of security breaches. Instead, think of your website security as a distinct challenge, separate from traditional anti-virus and endpoint security.
- Don’t Assume Your Firm is Doing Enough
Cybercriminals are becoming increasingly sophisticated. Though you may have avoided a breach up to this point, your firm’s reputation and clients can’t count on good luck and basic security features moving forward. But you’re not alone – in fact, 84 percent of website owners admit to relying on search engines, website hosting providers or site visitors to alert them of malicious activity after they’ve been compromised.
To help prevent threats from infiltrating your business, be sure to proactively scan your firm’s website daily to detect any vulnerabilities. Security solutions, such as web scanners and web application firewalls, provide an additional layer of protection against outside perpetrators, while safeguarding your clients’ information.
Your clients trust you to protect their most sensitive information and maintain their privacy. This National Cybersecurity Awareness Month, commit to upgrading your current cybersecurity strategy. By protecting your website and data, you can defend your clients—and your firm’s reputation for years to come.