Evaluating & Responding to a Law Firm’s Cyber Security Risks

As big box retailers and companies worldwide continue to face cyber security breaches, law offices need to take a proactive approach to safeguarding their client information and confidential data. So, how does a law firm keep itself from becoming another breach statistic? It starts with recognizing its exposures, then hiring a chief security officer and taking the necessary steps to protect digital assets. In this article, we’re going to take a closer look at how to prevent and respond to a threat.

There is no shortage of ways for law firms to secure their information. Here are some ideal strategies to implement:

  • Develop a cross-organizational team, including IT, finance, communications, HR, and security personnel, that can work together to mitigate risks.
  • Set the “tone from the top” and issue high-level policies regarding the privacy and security of firm data. As the American Bar Association recommends, these policies should cover the use of encryption, remote access, mobile devices, thumb drives, laptops, Wi-Fi “hotspots,” clouds, Web email accounts and social networking sites.
  • Inventory the firm’s software systems and data, and assign ownership and categorizations of risk. Client data may need to be compartmentalized; not all clients are equal. Extremely sensitive matters have the highest risk and could cause the greatest magnitude of harm if breached. Firms may want to keep this data on a separate server with stronger security protections and stronger access controls.
  • Establish a point of contact for any service provider the law firm utilizes, including cloud providers, law enforcement, cyber forensic experts and internet providers.
  • Revamp your security efforts, including antivirus software and malware detection software. Conduct penetration tests to see how solid the programs are and whether there are any gaps in cyber protections.
  • Implement an encryption, intrusion detection, and monitoring program.
  • Develop a response strategy for any suspicious behavior that’s detected.
  • Inquire about third-party cyber security controls and how their risk might be shifted to you in the event of a breach.
  • Secure your law firm with Cyber Liability Insurance. Hackers are still in their infancy and threats continue to grow each day. Address these threats and protect your bottom line with insurance, as you would for any other potential threat.

A firm will be in a far superior position with its clients, its state bar and any regulators that may become involved if it can show that:

  1. Its security program is aligned with best practices
  2. Its management is engaged
  3. It is complying with its policies and procedures, and
  4. Tools are deployed to detect malware and criminal behavior.

In our next post, we’ll go into detail about how to respond to a cyber threat. Stay tuned!


About ISU-The Olson Duncan Agency

At ISU-The Olson Duncan Agency, our goal is to provide clients with a total solution, not just a quote or a contract. We provide businesses and individuals with insurance and risk management solutions, and we aim to provide real value and build trustworthy, long-term relationships with our clients. To learn more about our services, give us a call today at (310) 373-6441 to speak with one of our professionals.