Risk Insights: Cyber Risks and Exposures for Law Firms

Gone are the days when only the desktop computer in your office is at risk for a data breach. Technology changes quickly, and the latest developments are used in law firms today more than ever before. Information is stored electronically and accessed from laptops, tablets, smartphones, cloud computing systems and USB or flash drives. Risks for a data breach are everywhere, and law firms are especially susceptible.

Law Firms Are Attractive Targets

Law firms have a reputation for being easy to hack, making them appealing targets to data thieves. In late 2009, the FBI issued an advisory to law firms warning that they were specifically being targeted by hackers.

Law firms are also desirable for computer hackers because they store a large amount of sensitive material about clients, lawsuits and the firm itself. These materials could include details about high-profile lawsuits, business deals, mergers and acquisitions. Information like this could be leaked or sold to the media, the opposing party in a lawsuit or other interested parties.

Lower Your Risks and Exposures

The size of a law firm does not make it more prone to attack than another. However, firms are more prone to attack if they exhibit a weakness that attackers know how to exploit. For example, if your firm’s network can be accessed remotely, and if a portable device used to access it is left in an unlocked car, forgotten in a hotel room or lost at the airport, it would be easy for a data thief who picks up the device to access your network and the information on it.

You can do a lot to decrease the chances of a data breach at your firm. Many actions may seem obvious (such as using strong passwords or setting up firewalls), but others may be less clear-cut. Here are some steps you can take to increase your cyber security:

• Use different passwords and usernames for everything. This way, even if a hacker finds one set of logon credentials, the rest are still safe.
• Change your passwords regularly. Your network may be set up to automatically prompt you to do this after a certain amount of time. If not, set your own schedule.
• Be sure your laptop and other devices (including USB drives) are encrypted so if they are stolen or lost, your data is still protected.
• Control how much access your employees have to your data. Not everyone needs access to your case files, for example.
• If you have social media accounts, check them often to make sure they have not been compromised. Update passwords and other sign-in information regularly.
• Dispose of old devices properly. Wipe the device clean of all data, even if you don’t consider the data to be sensitive.

Cyber risks and exposures are a relatively new threat for law firms, and the ways hackers can access your network or cloud are constantly changing. Contact ECBM, LP today to talk about your cyber risks and learn how you can protect your firm and clients.