By Nicole Black
Throughout the pandemic, lawyers have worked remotely, and as a result, cybersecurity has been top of mind for most lawyers. Sophisticated phishing and ransomware schemes have been on the rise as bad actors took advantage of businesses with unexpectedly dispersed workforces. Because many companies, including law firms, were unprepared for the rapid transition to remote work, it was easier for criminals to launch successful cyberattacks.
Even before the pandemic, these types of attacks were increasingly common. That’s why, according to the 2019 ABA Legal Technology Survey Report, more than one-third of all lawyers surveyed reported that their law firm had experienced a virus, spyware, or malware infection. Certain types of cyberattacks were particularly prevalent during the pandemic, including phishing and ransomware attacks, with many notable ransomware attacks making the news.
Fortunately, lawyers now have more options than ever when it comes to combatting both ransomware and phishing attacks. The bottom line: the easiest way to avoid ransomware is to transition to cloud-based systems, and using cloud-based portals for communication solves email-related cyberattacks. I’d discuss both options in detail below.
The cloud saves the day
If you’re not familiar with ransomware, it occurs when malware is installed on a law firm’s in-office systems, with bad actors oftentimes exploiting a vulnerability caused by a failure to install necessary software updates. When that malware is activated, all data stored on a law firm’s on-premises servers can be locked up and held hostage for ransom. For law firms, this type of attack can be devastating since law firm data is rendered inaccessible by the attack, and client data is at risk of being exposed publicly.
One of the easiest ways to protect your law firm from ransomware attacks is to transition your law firm to the cloud. The good news is that most lawyers are already using cloud computing. According to the 2020 ABA Legal Technology Survey Report, nearly two-thirds of lawyers (59%) reported using cloud computing for work-related purposes. The use of cloud-based technology by the majority of law firms is a positive trend for any number of reasons, not the least of which is that it provides protection from ransomware attacks.
This is because law firm data stored in the cloud is housed on servers located offsite. As a result, the servers—and the data stored on them—are protected from ransomware attacks, whereas any and all law firm data stored locally onsite is potentially susceptible to the attack.
If you’re still unconvinced about the value of cloud computing as a way of protecting your firm, a recently proposed New York Senate Bill Bill S6806A may change your mind. This bill “prohibits governmental entities, business entities, and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.” Presumably, the goal is to deter would-be criminals from engaging in ransomware cyberattacks by removing the incentive: the ransom. But the end effect is to prevent businesses subject to ransomware attacks from complying with the ransom demands.
This means that if this bill is enacted and your New York law firm is a victim of a ransomware attack, any law firm data stored on your firm’s hacked in-office servers will be lost since you will be prohibited from paying the ransom required to get it back. In comparison, all law firm data that is encrypted and backed up in the cloud is immune from ransomware attacks. The easiest way to avoid this issue altogether is to protect your firm by moving it to the cloud; so if your law firm is in the minority and isn’t already using cloud-based software to house or back up its data, it should be.
The Encrypted Client Portal Solution
When it comes to phishing and other email-based attacks, the most obvious solution is for lawyers to avoid using email altogether. In recent years, technology has improved significantly, and more secure electronic communication methods have emerged, rendering unencrypted email insufficient for certain types of client communication. Instead, the better option is to use a more secure communication tool such as the encrypted client portals built into law practice management software.
The ABA acknowledged this fact in 2017 in Formal Opinion 477. In this opinion, the Ethics Committee concluded that unencrypted email may not always be sufficient for client communication and that lawyers may want to consider more secure methods of communicating and collaborating with clients, including a “secure internet portal.”
Some law firms are already on board according to the ABA Legal Technology Survey Report, with 26% of lawyers surveyed reporting that their firms offer clients access to a secure client portal, which is defined as a “client-specific, password-protected portal/extranet where lawyer and client can interact and transact business online.” This is up from 22% in 2017.
In 2021, the percentage of firms relying on this secure way to communicate with clients will most certainly continue to increase in light of recent ethics opinions from 2020 wherein the ethics committees have adopted the ABA’s more secure communication standard. Secure communication is imperative as we head into the post-pandemic world, so If your law firm isn’t already using encrypted client portals for communication, there’s no better time than now to make the switch.
The time to transition to the cloud and secure client portals is now
There are two key takeaways for lawyers seeking to protect their firms from cyberattacks. First, make sure to store your law firm’s data in the cloud. Not only will your firm enjoy the benefits of 24/7 convenient, secure, and flexible access to law firm information, the data will also be protected from ransomware attacks. Second, use secure client portals for all communications and avoid unencrypted and unsecured email at all costs. That way all of your law firm’s confidential client communications will be protected and your employees won’t be at the risk of falling victim to spoofing and phishing email traps.
So if your firm isn’t already using cloud-based software and secure client communication portals, why not? Now is the perfect time to make this important transition.