The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

DC Law Firms Can be Prime Targets for Cyber Security Threats and Hackers

Robert Bruce

Posted by Robert Bruce
Thu, Jul 03, 2014

law firms are prime targets for hackers imageCybercrime is evolving rapidly, and hackers are always on the lookout for high-return victims. In their search for sensitive and valuable data such as trade secrets, financial reports, intellectual property, and business strategies, some cyber thieves view the legal industry as a prime hunting ground for their nefarious activities. Law firms in our nation's capital and the surrounding areas are no exception, and may actually be even more attractive targets to cyber criminals, due to the high-profile nature of clients in DC.

Data theft at any enterprise can have tragic consequences. Accounting firms, medical offices, and engineers also have privileged information, but law firms must set an especially high bar regarding data protection because of client confidentiality. Loss of a client’s trust because their data was compromised while in the possession of their lawyer can be crippling to a law firm’s reputation. Whether your law firm is small or large, the same basics apply to establishing a security program.

1. Top-Down Awareness is Essential

Senior partners should set the security tone "from the top."  This includes high-level directives regarding the privacy and security of both in-house and client data. Enterprise policies and guidelines on remote access, encryption, bring-your-own-devices (BYOD), corporate email, and social networking should be clear to all. Cultivate a culture of data security. Make sure that all employees, from the most senior partners to the newest mail clerks, feel like a member of the security team. Data loss prevention and protection at a law firm is an all-in issue that involves everyone—attorneys, management and support personnel, not just the IT guys.

2. Inventory and Prioritize

Know your software and its capabilities. Categorize your data and assign risk priorities. Not all data is equal. Extremely sensitive material may have the highest risk and cause the most harm if breached. This information may require higher security measures such as stronger encryptions and access controls. It may even require separate servers.

Antivirus software is essential, but it is does not detect all threats. Deploy the necessary technologies for encryption, intruder prevention and detection, security event management and system monitoring. This may require outsourcing through a managed services provider (MSP).

3. Recognize the Source of Threats

In general, data leaks result from one of three sources—external, internal, and user error. Externally, they may be competing law firms, or opposing sides trying to compromise a case. Or, they may just be cyber vandals like hacktivists, who are anarchists wishing to harm the law firm and/or its client(s). Internal threats could include a disgruntled employee, who for whatever reason wants to harm the organization, or steal valuable data.

As egregious as this type of cyber-crime is, the majority of data loss occurs because of user error. The human factor is where most of the risk lies. Lost laptops, misplaced thumb drives, sending unencrypted emails, these are just some of the security lapses law firm employees at all levels sometimes do.

4. Rehearse and Respond

Have a plan in place in case of a data breach. Rehearse and perform regular crisis simulations that specify what data has been compromised, when the incident occurred, and who will be notified.

Cyber forensic authorities may need to be contacted, as well as clients. Law firms, and other businesses, are subject to breach notification laws. Be prepared to outline your security program and show that it complies with accepted policies and procedures.

5. Ignorance is No Excuse

The American Bar Association states that attorneys have a responsibility to their clients to keep up with the benefits and risks of “relevant” technology.

Like it or not, lawyers now have to be tech savvy and very aware of the rapid changes in information technology. A law firm practicing today without a sound cyber security policy in place is placing both its own and its clients’ data at risk.

New Call-to-action

Robert Bruce

Ready to Become a Pro?

 Our White Paper can help.

whitepaper-4-key-elements-for-building-your-technology-road-map-thumbnail-3Subscribe to our blog and get your copy of "4 Key Elements to Consider When Building Your Technology Road Map"

You'll learn:

  • What role people play in determining your road map
  • How to build a plan in a multi-device world
  • What types of applications need to be considered
  • How data plays a key role in success


Subscribe to get your copy

Leave A Comment

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!

Download our eBook



Sort Posts by Topic

see all