Law Firms Beware: Data Breaches on the Rise
If your law firm hasn’t been breached, chances are very high that it will be. Cybersecurity in the legal sector is a growing concern, with cyberattacks occurring daily. Law firms are particularly susceptible to data breaches due to the nature of the information that resides on their servers and databases. Yet many may not be truly aware of the vulnerabilities and risks in their current cybersecurity posture. In fact, many firms haven’t implemented modern cybersecurity best practices to protect not just their firm’s data, but that of their clients as well.
The American Bar Association (ABA) says that one in four law firms is a victim of a data breach, including hostage and ransom, user error, surveillance, hacktivism, or other malicious activity. For the remaining 75 percent of firms that have been lucky so far and avoided a breach, get ready: it’s not a matter of “if” but “when.”
This is an even greater concern considering the ABA’s October 2018 opinion, which states that lawyers are ethically obligated to take “reasonable steps” to monitor for data breaches and to notify current and former clients if data is compromised.
LogicForce conducted a survey in 2018 of more than 200 IT decision makers across small and medium-sized law firms (20-200 attorneys) throughout the U.S. Included among the survey’s findings:
- Fewer than half of law firms are implementing some of the top-weighted cybersecurity protocols, such as multifactor authentication (47%), third-party risk assessment (37%), staffing the proper security executive (34%), and SOC monitoring (24%).
- The majority of law firms need better cybersecurity management. According to the survey responses, 67 percent of law firms place the responsibilities for implementing and managing cybersecurity policies on IT directors or managers, or on some other non-IT executive at the firm. Roughly 1 in 3 firms (34%) leave these responsibilities to personnel who have specialized knowledge of cybersecurity, such as a Chief Information Security Officer or an Information Security Manager.
Despite the threats, there are numerous actions you can take to protect your firm and ensure client trust. Where should you start?
- Ensure you have a senior-level executive on your team dedicated to overseeing your cybersecurity program. Ideally, they should be a member of your C-suite or a Chief Security Officer.
- Explore options for managed detection and response (MDR) partners who can monitor, detect, and respond to threats, leveraging both technology and human analysis to augment your staff and enable them to focus on other high-priority objectives.
- As you evaluate potential partners, be sure you have complete visibility into what’s happening behind the scenes of your security provider’s operations.
- Conduct periodic penetration tests to ensure you are a step ahead of the hackers and to identify whether your systems, services, and data are exposed to malicious actors.
Security is a real and growing concern for all law firms. The sheer number of data breaches and cyberattacks can be overwhelming for any law firm. Talk to us for help implementing your security strategy.
By Keith Sazer | Director of Business Development, Critical Start
May 29, 2019