Here is a recent Daily Record column. My past Daily Record articles can be accessed here.
*****
ABA Technology Survey Results: Cybersecurity Measures Taken by Firms
If cybersecurity isn’t on your radar in 2020, then it’s high time you made it a priority. The risk of a breach that could compromise your law firm’s confidential client data is an increasing likelihood, especially if your firm hasn’t enacted security measures designed to counter cybersecurity threats.
This is especially so in the wake of news, as reported by the ABA Journal in mid-February, that a Texas law firm’s data was hacked and then its data was published online. The confidential information disclosed included fee agreements and diaries from personal injury cases.
Earlier in February there were also reports that ransomware attacks hit three different law firms.These types of attacks occur when law firm employees receive an email that appears to be legitimate but was sent by a hacker and includes a malicious link. Once employees unwittingly click on a phishing link or a link infected with malware, your firm’s data can then be exploited.
If you’re still not convinced that cybersecurity should be a priority for your firm, then the results of the 2019 ABA Legal Technology Survey Report should do the trick. According to the Report, 26% of lawyers reported that their firms had experienced a security breach such as a lost or stolen computer or smartphone, an attack by a hacker, a break-in, or a website exploit. And, 36% indicated that their law firm technology had been infected with a virus, spyware, or malware.
If your firm doesn’t have a cybersecurity plan in place, rest assured you’re not alone. According to the Report, only one third of lawyers surveyed (32%) reported that their firms had a full security assessment conducted by an independent third party.
That being said, the survey results showed that most law firms overall were taking cybersecurity issues into account, but some were implementing more security precautions than others. One popular security measure enacted by the majority of law firms (86%) was spam filters. Others included firewall software (80%), anti-spyware (76%), pop-up blockers (74%), desktop or laptop virus scanning (68%), mandatory passwords (68%), email virus scanning (67%), network virus scanning (64%), and hardware firewalls (52%). Other less popular types of security tools used by fewer than 50% of the firms included file encryption (44%), email encryption (38%), file access restriction (38%), intrusion prevention (34%), intrusion detection (32%), web filtering (25%), whole/full disk encryption (22%), and employee monitoring (21%).
Another security measure increasingly taken by law firms is to use more secure online channels for client communication. After all, email communications and employee actions are often the weakest link when it comes to law firm security, so communicating using more secure methods simply makes sense. This is especially so in light of the issuance of Formal Opinion 477 by the ABA Standing Committee on Ethics and Professional Responsibility in May 2017. In that opinion, the Committee opined that unencrypted email may not always be sufficient for client communications, especially when the information being discussed is of a particularly sensitive nature. The Committee concluded that in that instance, lawyers may want to consider more secure methods of communicating and collaborating with clients, including using a “secure internet portal.”
The good news is that in 2020 lawyers have more options than ever when it comes to securing their law firm’s systems and communicating securely. In recent years, technology has improved significantly, and more secure electronic communication methods have emerged. That’s why more and more firms are choosing to use client portals to securely communicate. According to the Report, 29% of law firms now offer clients access to a secure client portal, up from 22% in 2017. Some of the top ways that lawyers reported that their firms used client portals include document sharing (42%), messaging and communication (38%), invoicing and bill payment (34%), and case status updates (23%).
So if your law firm isn’t prioritizing cybersecurity in 2020, then what are you waiting for? There’s no better time than the present. If your firm isn’t taking precautions to protect its data and educate employees about phishing and hacking schemes, then it could be the next firm to make the headlines following a breach or ransomware attack. Don’t be that firm. Instead, take steps to secure your firm’s data and make sure that the only reason it makes headlines is for winning cases – not getting hacked
.Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.