Cyberattacks and ransomware attacks have ratcheted up since the pandemic, and law firms have become an increasingly attractive target for cyber criminals because of their huge store of valuable information, including confidential corporate information, tax and other data.
The reputational and business risk for law firms from such attacks is massive. As ransomware attacks continue, the average payout, according to a recent report from security firm CrowdStrike, is $1 million.
As Forbes reported recently, a report released in May by security firm BlueVoyant found that 15 per cent of a global sample of thousands of law firms showed signs of compromised networks, and all firms were subject to targeted threat activity.
Law firms in the US, the UK and elsewhere all remain vulnerable to such attacks. An October American Bar Association report found 29 per cent of law firms reported a security breach of their computer systems, with one in five saying they were unsure if there had been a breach and 36 per cent saying they had experienced malware infections.
The 2020 ABA Legal Technology Survey Report showed that only 43 per cent of respondents use file encryption and fewer than 40 per cent used email encryption, two-factor authentication and intrusion prevention.
LawFuel spoke with Dan DeMichele, the VP of Product Management at LogMeIn, parent company to LastPass, on the key things law firms need to do to avoid ongoing cyberattacks.
As businesses shift to long-term hybrid workforces, employers will need to be able to secure their employees’ information and provide secure access to the apps they need to get their work done from a variety of locations. With 29% of law firms reporting a security breach in 2020, and 36% reporting past malware infections in their systems – a lack of strong security tools could be a factor.
It’s important for law firms to take steps to ensure that they avoid cyberattacks. The following is a list of key steps to take to avoid cyberattacks:
Use a password manager
Store and generate secure passwords and save notes, files, and payment cards to save you significant time and effort, while promoting strong password security. Some password managers also offer Dark Web Monitoring, which allows people to see if their information has been compromised on the dark web.
Adopt a Multi-Factor Authentication solution (MFA)
With the right MFA application, employees can enjoy a frictionless login experience while also thwarting cyber-attacks.
Ensure secure access
Know which employees have access to which applications and have a method to seamlessly remove access if an employee leaves the organization.
Avoid password reuse
Use a password generator that auto-generates and fills in a random, secure password when signing up for something new or changing an old password.
Prepare for remote work
When working remotely, sync devices so that passwords show up automatically across all of them, and ensure that you’re protecting all entry points to the business (such as VPNs, workstations, etc.).
Share logins and passwords securely
Use a password management system to share credentials and information to give the team secure and convenient access.
Use SSO (single sign-on)
Enable employees to securely access multiple work resources with only one password.
Add an additional layer of security to employee logins.
Educate people on phishing events and what constitutes a likely phish. A password manager can help employees with this.
Put users at the front and educate employees on cybersecurity risks.
Last but not least, everyone is responsible for their security. Ensure employees practice safe and effective cybersecurity hygiene.
Examples of threats and technical developments being made to avoid law firm cybercrime attacks
On top of the remote work dynamic, cybersecurity is increasingly important to legal firms as the number of breaches in the news increases. Law firms tend to be more vulnerable than other types of businesses due to a lack of use of strong security tools. The 2020 American Bar Association TechReport reported that 29% of legal firms experienced a breach in 2020, a figure that has risen since the prior publication of the report in 2019.
The first prominent ransomware attack was on DLA Piper in 2017, and since then there have been a record number of attacks on firms, including high-profile firms such as Seyfarth Shaw, whose malware attack started as an email phishing campaign. In addition, earlier this year, five law firms were targeted in a wave of ransomware where the hackers published law firm data on the web for the public to see. The hackers infiltrated systems using email with malicious attachments.
As attacks become more common, and ransomware demand grows, technical developments such as MFA solutions, password managers, SSO, and Dark Web Monitoring abilities are being created to ensure people’s online safety. In addition, firms need to train their employees on cybersecurity risks.
Law firms are faced with the challenge of increasing security to maintain brand reputation and to prevent data breaches, without impacting end-users’ productivity. A security breach is detrimental to a business’ reputation, so it is imperative to mitigate the risk of a breach to protect a law firm’s reputation.
Dan DeMichele, VP Product Management, LastPass at LogMeIn
Dan DeMichele is the vice president of product management for the market-leading password manager, LastPass at LogMeIn. Dan has more than 20 years of experience leading both development and product management software teams for small startups and large corporations, bringing disruptive technologies to market and achieving commercial success. Prior to joining LogMeIn, Dan led product management at IBM, building out all consumable data and analytics services for Watson Cloud. He also held previous product leadership roles at Cloudant, IBM (Coremetrics), Unica, BEA, and Plumtree Software.