Posted by Derek Fitzpatrick, General Manager – EMEA, at Legal Futures Associate Clio
Whether you care to admit it or not, your legal practice is vulnerable. Hackers are becoming more aware of the wealth of data held by most law firms. They know how to find that valuable information and how to get it. They also know that most law firms don’t appreciate the threat that cyber attacks present, and are vulnerable. In fact, Cisco ranked legal as the seventh most vulnerable industry in its annual security report.
The primary reason for the most high-profile attacks in recent years has been to gain insider information on mergers and acquisitions. While your practice may not be handling large corporate deals of this type, when it comes to your clients’ electronic data, confidentiality is still a major concern. A successful cyber attack exposes you to a financial liability, can ruin your reputation and put your law license at jeopardy.
Unfortunately, there is not one single step a law firm can take to ensure perfect security. Instead, each law firm needs to commit to a series of actions and reviews that can combine to create better information security.
Use the best lock for your data
The single greatest action a lawyer can take to improve their information security is to commit to protective password practices. This consists of implementing two different password approaches. The first is using strongly designed passwords featuring certain types of characters and a minimum length. Passpack is an excellent solution as it creates complicated passwords and stores them all in one place.
The second protective password practice is to enable two-factor authentication. Two-factor authentication requires the person attempting to login to prove their identity. Usually, this is done by submitting a code sent to the authorised user’s e-mail or mobile phone.
Make data theft useless
The second greatest action a lawyer can take to improve information security is to encrypt their data. Data sent through the internet should use SSL encryption, scrambling the data using one-time keys. This means that data is not transmitted in a readable format, but instead appears like gibberish to anyone that intercepts the data before its intended destination. All data on portable devices should be encrypted, either through the device’s own encryption system or by using a free program such as VeraCrypt.
Stop using e-mail
Following a recent investigation into a spate of conveyancing fraud cases by The Telegraph, the Conveyancing Association has advised solicitors to “not communicate with clients via e-mail”. It recommended traditional post as the preferred method of communication but there is an alternative in secure client portals.
Clio Connect is a client portal that allows Clio users to securely communicate, share documents, and send bills to any of their contacts. It has the same level of bank-grade security as Clio so legal professionals can rely on it to protect their data and their interactions with clients.
Revisit and review often
Protective password practices and encrypting data in motion will protect law firms from many dangers that could breach confidentiality. However, these actions cannot be allowed to stagnate and firms should undertake a security review at least every three months.
Firms must commit themselves to consistently reviewing their practices and implementing new ones when appropriate. Only when law firms make this a part of their normal business, should they consider themselves secure.
For more information on how you protect your firm, download Clio’s 12 Steps to Cybersecurity.