This resource has been written by guest author Collin Walke. Mr. Walke leads Hall Estill’s Cybersecurity and Data Privacy Practice. He is CIPP-US and CIPM certified and is a certified artificial intelligence systems auditor. Mr. Walke received his B.A. in philosophy from Oklahoma State University, his J.D., magna cum laude, from Oklahoma City University School of Law and is a graduate of Harvard’s Business Analytics Program.
Law firms are one of the most lucrative targets for cyber criminals. Phishing, ransomware and other attacks against law firms are becoming increasingly common. As I noted in a previous article, in 2021, the American Bar Association reported that one in four attorneys suffered a data breach.
Given those statistics, cybersecurity should be a priority for every lawyer and law firm employee. Below are five easy ways you can increase your cyber protection today.
- Begin password rotation. If you are not already rotating your passwords at least annually (and preferably, quarterly), you are increasing the risk of a cyber-attack. It is not uncommon for hackers to obtain login credentials through dark-web sources. As a result, routine alteration of your password can help protect you against cyber-attacks. Additionally, you should check to ensure that your passwords are of sufficient strength (i.e., not using “password” or “1234” for your actual password). It is relatively easy for hackers to identify simple passwords.
- Update your software. Failing to update software affects functionality and security. Software updates often contain patches that plug cybersecurity holes in the software. As a result, making sure your software is up to date can help protect you against cyber-attacks.
- Create a “Bring Your Own Device” (BYOD) policy. Law firms often allow employees to use their own personal devices for work. While this is not a best practice, if your firm allows employees to use their personal devices for work, a BYOD policy is essential. It is also essential that you train your employees in what they can and cannot do with personal devices. For example, the more apps employees download onto their personal devices, the more attack vectors are created. Not all apps are safe, and some contain malicious code. As a result, a BYOD policy can help protect you against a cyber-attack and can also help limit your exposure in the event an employee violates the BYOD policy.
- Check your insurance policies. One of the worst things that can happen to a firm is a cyber-attack for which there is no insurance coverage. Law firms are high-priority targets for hackers because lawyers often hold valuable personal and financial information, and many firms fail to keep up with appropriate cybersecurity protocols. As a result, checking your insurance policies today to make sure you have adequate cyber insurance coverage can go a long way toward protecting you down the road. OAMIC insureds can see their included cyber liability and data breach response policy language on the OAMIC Cyber Liability information page.
- Conduct a cyber audit. While having a qualified cybersecurity specialist conduct a cyber audit will cost money, it will also identify potential vulnerabilities within your system and allow you the opportunity to fix them before they are exploited. Any known vulnerabilities can also be addressed on a case-by-case basis, enabling you to determine your risk tolerance for a given threat.
The threats posed by technology are rapidly increasing. As a result, lawyers need to take steps today to prepare for potential events tomorrow.