Advanced Cyber Security for Law Firms

Cyber Threat Protection Concerns

Without advanced cyber security tools in place, law firms will continue to experience a wide variety of cyber security concerns when it comes to protecting confidential attorney-client documents and secure product data, for example:

1. Case and/or litigation information
2. Confidential client information
3. Attorney-client privileged communications
4. Intellectual property
5. Payment and personally identifiable information

ABA Advanced Cyber Security Measures

Under the American Bar Association Model Rules of Professional Conduct, law firms are responsible for protecting client information by ensuring proper cyber threat protection measures are in place, for example:

• Model Rule 1.1 “Competence” requires attorneys to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
• Model Rule 1.6 “Confidentiality of Information” Provision (c) states “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
• Model Rule 1.4 “Communication”, requires a firm to inform clients of any compromise.

Cyber Risks to Law Firms

Some of the top reasons why small and midsize law firms need a comprehensive cyber security solution in place include:

• Their reputation would be badly tarnished if client data were compromised
• Data managed by law firms is expected to be secure
• Law firms may be subject to audit and review to ensure adequate defenses in place
• At risk for losing their business if security solutions cannot be demonstrated

However, despite the risk for a cyber-security breach, many law firms have still not implemented crucial cyber-security policies – according to the 2013 American Bar Association (ABA) Legal Technology Survey. In addition, according to a survey by the International Legal Technology Association (ILTA), firms have been slow to address the following security risks:

• 76% do not use or require two factor identification
• 72% do not use issue encrypted USB drives
• 64% do not automatically encrypt content-based emails
• 56% do not encrypt laptops
• 90% do not employ laptop tracking technology
• 61% have no intrusion detection tools
• 64% have no intrusion prevention tools

Identifying Threats & Vulnerabilities

NetWatcher works to identify potential threats and vulnerabilities that are created from employees and external entities, and enables you to remediate issues quickly and effectively. NetWatcher is a Managed Security Service Provider, focused on providing enterprise-level security management services, which only the largest law firms could afford in the past, to small and medium-sized law firms.

The NetWatcher managed security service warns company’s when there is an imminent threat to the network, and helps firms determine when there is activity happening that may lead to a breach. In today’s environment of widespread cyber intrusions, advanced persistent threat, and insider threats, it is essential for law firms to have real-time accurate knowledge of their network security posture so that responses to threats can be made swiftly.

Continuous monitoring is a risk management approach to cyber-security that maintains an accurate picture of a firm’s security risk posture, provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and enable the firm’s IT support to remediate issues quickly.

Below are five key steps to ensure your firm has a sound cyber threat protection program in place:

1. Implement good corporate employee advanced cyber security policies with controls, enforcement and consequences. These policies should include the use of social networking, personal email, mobile phones etc. on the corporate network as well as many additional items (more).
2. Train the firm’s employees, contractors and vendors on the policies and the general security protections, such as understanding how a phishing attack occurs.
3. Ensure the firm has a cyber-liability insurance policy in place. These are not expensive and should be a part of every businesses insurance portfolio.
4. Audit your suppliers and require them in their contracts to ensure they have employee cyber related policies, cyber insurance and cyber security infrastructure support.
5. Use a managed security services provider to offer low-cost security services such as NetWatcher to keep an eye on the firm’s network and look for anomalous behavior 24×7, 365 days a year. Advanced cyber security services could be the savior of your firm.

A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static security control assessment and risk determination process into a dynamic process that provides essential, near real-time security status.