Law firms collect and store copious amounts of personal information, case details, and other digital assets. Unsurprisingly, cybercriminals have taken notice, targeting law firms with increasing rapidity.
Most prominently, last year’s ransomware attack on the entertainment and media law firm Grubman Shire Meiselas & Sacks serves as a stand-in for the challenges facing many law firms. The breach compromised more than 750 gigabytes of client data, and REvil, the ransomware gang behind the attack, demanded more than $40 million to restore network access and prevent client data exposure.
One industry analysis found that 15 percent of global law firms show signs of network compromise, and attempted cyber-attacks were ubiquitous throughout the sector, impacting virtually every law firm in 2020.
Meanwhile, a report from the American Bar Association notes that one in five law firms are unsure if they experienced a security incident. In contrast, one-third reported a security breach.
In addition to the ethical responsibility to protect client data, law firms are responsible for applicable state and federal laws covering data privacy and cybersecurity. Here are five cybersecurity concerns every law firm should be prepared to address in today’s high-stakes digital environment.
#1 Ransomware
Ransomware attacks are surging. There were more than 65,000 successful ransomware attacks last year, impacting a company every eight minutes. This threat applies to both global law firms, like Grubman Shire Meiselas & Sacks, and small and mid-size firms.
For instance, one report found that nearly a quarter of ransomware attacks are directed to professional services firms, including small and mid-size law firms.
The consequences can be devastating. The average ransom demands exceed $200,000, while the increased regulatory scrutiny, brand erosion, and client churn further increase the costs of a ransomware attack.
#2 Phishing Scams
Phishing scams, malicious messages that trick recipients into disclosing personal, financial, or account information, increased significantly during the pandemic. Phishing scams are one of the most common cyber attacks directed at law firms, and even before the pandemic, 80 percent of law firms reported receiving phishing attacks.
Unfortunately, these attacks are increasingly convincing as business email compromise (BEC) scams and spear phishing attacks become more difficult to identify and defend.
#3 Human Error
Verizon’s 2021 Data Breach Investigations Report found that 85 percent of breaches involved a human element, accounting for everything from phishing scams to accidental data exposure.
Especially as law firms embrace a hybrid workforce to enable operational continuity in a post-pandemic landscape, the human element represents a significant cybersecurity vulnerability.
Of course, people also have immense power to protect an organization’s digital landscape. Often accessible cybersecurity features, like multi-factor authentication, can keep accounts secure. In addition, regularly updating passwords, carefully scrutinizing incoming messages, and using a trusted VPN service can significantly improve cybersecurity.
#4 Data Breaches
Each of these cyber threats makes a costly data breach more likely. The average cost to recover from a data breach approaches $4 million, and law firms can face legal consequences for failing to adequately defend client data.
This information is often distributed online through Dark Web stores and web forums, providing threat actors with the financial resources to develop and implement even more egregious cyber crimes.
#5 Inattention
Despite growing cybersecurity threats to law firms, many continue to underinvest in their defensive posture. For example, the American Bar Association found that less than half of law firms use file, disk, or email encryption, and less than 30 percent deploy intrusion control and employee monitoring tactics.
Rather than bolstering their defensive assets, many law firms are investing in cyber insurance policies, hoping to mitigate the financial impact of a data breach without addressing critical vulnerabilities.
However, research shows that cyber insurance actually enhances the threat of a cyber attack while many insurers are raising rates in response to a flurry of policy claims in the past year.
That’s why law firms should recommit to developing defensive capabilities to avoid a cyber-attack rather than putting a proverbial bandage on avoidable wounds.
Conclusion
Especially for small and medium-sized law firms, cybersecurity can feel like an expensive burden better left up to chance. That’s why Reis Informatica manages IT and cybersecurity so our clients can focus on what they do best, saving them time, money, and worry in the process.
Cybersecurity is too important to leave up to chance. Contact Reis Informatica today to request a complimentary business systems assessment to uncover any risks, issues, and concerns with your network.
.png?width=1080&name=GOOGLE%20REVIEW%20(1).png "GOOGLE REVIEW")