25 Questions to Assess your Law Firm’s Cybersecurity Habits

Chief Executive Officer at NetWatcher
July 07, 2016

Determine if Your Law Firm is Safe from Cyber Attack

In today’s digital age, law firms are more vulnerable than ever to cyberattacks. Firms of all sizes have experienced increasing numbers of security breaches, and the legal industry’s defenses lag behind. Managers and employees who practice unsafe cybersecurity habits put themselves and their firms at high risk.

Both managers and employees should ask themselves the following questions to assess their security habits. These guidelines will help any law firm become a harder target for hackers.

Questions for Management:
  1. Would your firm survive if you lost all of the computers and shared drives on your network?
  2. Is every desktop protected by anti-virus/anti-malware software, and is this software up-to-date?
  3. Do you have a spam filter in place?
  4. Are the devices on your network encrypted?
  5. Do you require users to use a Virtual Private Network (VPN)?
  6. Do you back up your company’s data?
  7. Are you keeping the firmware up-to-date on all of your networking equipment and servers/computers?
  8. Are you keeping all of your systems (operating systems, firewalls, software solutions, Flash, Java, etc.) up to date with the latest security patches?
  9. Are you creating and enforcing password policies?
  10. Do you require employees to sign data use policies?
  11. Do you have and update a disaster recovery/business resumption plan?
  12. Do you have and enforce an employee separation policy?
  13. Do you carry first-/third-party cyber liability insurance? Are you sure you are meeting all of the policy requirements?
  14. Are you educating your employees about cybersecurity issues?
  15. Are you continuously monitoring your network security 24×7?
  16. Do you require vendors to have similar security controls when they access your data/network?

If the answer to any of these is no, you should consider a security assessment from a reputable firm.

Questions for Employees:
  1. Do you know how to recognize a suspicious link?
  2. Do you know how to recognize a suspicious website that may have dangerous malware?
  3. Do you know why you should not download programs without a trusted origin?
  4. Do you know why documents and other downloads need to be scanned by anti-virus software?
  5. Do you know why it is important to create unique, strong passwords?
  6. Do you know why it is risky to write your passwords on a piece of paper hidden under your keyboard?
  7. Do you know why it is important to keep your software up to date?
  8. Do you understand your firm’s data use policies?
  9. Do you know how you would survive if you lost all the data on your laptop and network drives?

If the answer to any of these is no, you should ask your firm about cybersecurity training. You can also attend classes at Lynda.com.

Poor security habits endanger all types of organizations. A study released by CompTIA found that nearly 50% of U.S. employees across industries receive no cybersecurity training from their employers. Because of the high level of risk in the legal space, it is crucial for managers and employees to be aware of the security risks that exist and behave accordingly. Addressing these questions is the first step to ensuring that your firm is on the right track.