Cybersecurity for Law Firms: ETHICALLY NOT GUILTY!

As more and more attorneys are focused on innovation as the industry becomes more and more competitive, many firms are differentiating themselves from the pack through technology.  Web portals, Apps, Zoom Litigations, these applications are allowing attorneys to support their clients in more ways than they have in the past.  As the scope of all industries and professional services shift during “the roaring 20s”, and more of their employees become connected remotely, they are faced with providing the burden of proof in minimizing risks to the client or sensitive information.

Most firms in the Richmond Market identify themselves as small to medium firms, and in that capacity, you are able to focus more on overall processes and govern a lot of changes through standardization and overall need.  The most important piece of the puzzle to start with is understanding what the firms themselves need to be concerned with. Just as with medical institutions, Attorneys have an Ethical and Legal Obligation to Safeguard Sensitive Information.  Just as medical practices are governed by HIPAA laws and standards, the American Bar Association sets regulatory duties that “lawyers must employ reasonable efforts to monitor the technology and office resources connected to the internet, external data sources, and external vendors providing services relating to data and the use of data.”

So, what could attorneys do to satisfy these requirements and minimize risk?

• Have in place a Managed Firewall Device
• Provide Data and Device Encryption for Hardware inside and outside of the office.
• Provide a baseline of Training to Personnel on Cybersecurity Threats
• Improve File Access and Control Policies
• Use Email Encryption

Cybercrime takes a variety of forms – ranging from phishing scams to social engineering attacks to sophisticated technical exploits and everything in between. But hackers aren’t the only threats that attorneys need to be concerned about. Unfortunately, many firms don’t take the steps toward preventative measures necessary to minimize the risks involved with the above threats. Just a few years ago (2018) The American Bar Association reported in an article by David G. Rise that most firms do not have the right solutions in place.

 “While a dedicated, full-time Chief Information Security Officer is generally only appropriate (and affordable) for larger law firms, every firm should have someone who is responsible for coordinating security. The larger the firm, the more necessary it is to have a full-time security officer or someone who is to dedicate an appropriate part of their time and effort to security. The 2018 Survey asks who has primary responsibility for security in respondents’ firms. As expected, responses vary by size of the firm. The respondent has primary responsibility in solo firms (84%), the respondent or an external consultant/expert in firms of 2-9 attorneys (27% and 33%, respectively); IT staff for firms of 10-49 attorneys (41%) and 50-99 (47%), a chief information officer in firms of 100-499 (56%) and firms of 500+ (62%). A small percentage (2%) report that nobody has primary responsibility for security—a high-risk situation.”

From this data, there were 53% of respondents in which only 37% of those even held Cybersecurity Insurance, while an even staggering 24% only used encryption.

Some takeaways from this would be enforcing data encryption, enforcing strong password policies, having two-factor authentication, and implementing security measures such as intrusion detection, response plans, and control policies while working with-in the guidelines of your regulatory agencies.  The good news is that working with a technology firm through outsourced IT, (such as Bastionpoint Technology) is knowing that we close 85% of these large gaps through managed service and work with our partners to remediate the other 15% that are often inhouse processes that need to be developed.

If you and your business are inside of the Legal realm in Richmond, (large, small, or even going out on your own) we are there to help.  As a team, we are happy to put our years of expertise to work for your firm while exceeding those ethical standards and obligations to keep your sensitive data yours.  For more information about becoming a partner, please feel free to reach out to us at 804-612-9876 or email us at support@bastionpoint.com.

The post Cybersecurity for Law Firms: ETHICALLY NOT GUILTY! appeared first on Bastionpoint Technology.