The Department of Homeland Security has designated October as National Cyber Security Awareness Month. Their goal: to emphasize the critical importance of cyber security while providing resources to stay safe online, and recover faster from an attack.
Now, more than ever, lawyers should take heed. Law firms have become are becoming prime targets for hackers because of the confidential, and often controversial, information they deal with daily. Cyber crime through ransomware has become more common in small law firms and hackers typically demand payment via bitcoin because the currency is hard to trace.
Consider what happened in May, 2016 to a 10-lawyer Rhode Island law firm. A lawyer in the firm clicked on an email attachment which released a ransomware virus that disabled the firm’s computer network for three months. Staffers were rendered “essentially unproductive,” according to a lawsuit filed against their insurance provider claiming $700,000 in lost billings. The firm also had to pay $25,000 to the hackers to release documents.
These breaches aren’t isolated incidents, according to the ABA 2016 Legal Technology Survey Report. It notes that more than one in 10 firms has experienced a data breach; that jumps to one in four for firms with at least 500 attorneys. Even more alarming is that about half of all firms have dealt with a virus or malware infection that could potentially decrease billable hours, damage files, and increase IT expenses.
According to the same ABA study few solo and small law firms are taking the appropriate steps to encrypt confidential data. Sending unencrypted emails or storing unencrypted files sends an open invitation to hackers.
- Only 19.7% of solo firms encrypt emails and only 32.1% encrypt files.
- 9% of firms with two to nine attorneys encrypt emails and 32.2% encrypt files.
New ABA Ethics Mandate for Secure Client Communication
It’s no wonder that, this May, the ABA’s Committee on Ethics and Legal Responsibility issued Formal Opinion 477. It states, in essence, that if you communicate with clients via email, store any client data on a server, or transmit client documents, you need to exercise reasonable effort to make sure this information isn’t hacked. If you don’t, you’re breaching legal ethics.
Here’s the conundrum: What the ABA didn’t outline is precisely what is considered a reasonable effort in securing electronic communication. Instead, they said lawyers need to consider, for every communication:
- How sensitive the information is
- The likelihood of disclosure without safeguards
- The cost of using additional safeguards
- The difficulty of implementing these safeguards
- How much these safeguards adversely affect the lawyer’s ability to represent clients, such as making devices or software excessively difficult to use
But who really has time to analyze each and every communication to determine and implement the level of cyber security it requires?
An All-in-One Solution
The most efficient way to keep yourself covered, your information secure, and your reputation intact is to look to security solutions that are automatically provided through leading cloud-based law practice management systems that offer same stringent security as global financial institutions. You can rest assured knowing that your client and matter information is well protected in transit and in storage, without having to vet and compensate cyber security experts on your own. These systems also provide a secure client portal allowing you to electronically communicate and collaborate with clients in a secure environment rather than through unencrypted email.
Of course, not all practice management solutions are created equal, especially when it comes to cloud security. Here are three questions you need to ask when you’re evaluating vendors:
- Are you SOC 2 Type II certified, and what other certifications do you have?
- What is your encryption for my data in both transport and storage?
- How often do you back up data?
Find out why these questions are very important, and find out what else you should be asking, by taking a couple of minutes to peruse this cyber security checklist.
Remember, if you think it’s too expensive to enlist the cyber protocols which a secure practice management system automatically provides, consider the price of even a single breach.