Law firms can’t seem to get away from cyberattacks. Data breaches have led to millions of leaked attorney-client privileged documents alongside sizable, long-term losses related to data recovery and reactive security measures. The threat level is high and the ensuing reputational damage following a breach is immeasurable. It’s clear that among all the landscape shifts across the legal industry, effective data security is a chief driver in determining which firms lead as others are left behind. Here are five signs that your firm is at risk for an attack:
- You haven’t taken stock of your data: Assessing your current unstructured data and overall network environments should be number one in your litany of data security priorities. What data exists within file shares? How is the data structured? Is the data stale or active? Who owns the data? Who has access to the data? Where is access non-secure or non-standard? What are the policies for governing the data? If you aren’t able to answer these questions either in-house or alongside a trusted security partner, you may be at high risk.
- You haven’t implemented basic security measures. A majority of firms — as high as 80% — fail at basic security protocol and preventative measures, such as two-factor authentication, USB, email and laptop encryption, as well as intrusion detection and prevention systems. The bar is heightened for law firms, particularly when it comes to ensuring that case data is secure and doesn’t cross boundaries between clients with competing cases, patents or intellectual property (IP).
- Identity and access management protocols are undefined. Determine your data access structure and where permissions should be managed. This will involve proposing owners for all data, how access is granted and what policies, procedures and reporting is in place so that you can audit all of the required information regularly.
- You haven’t considered privileged access management. Managing the people that have the keys to the castle is vital. Having security around how Privileged Access is granted and managed will reduce risks.
- You don’t have a standard policy to govern transitions Do you have data policies in place for when employees leave the firm? What do these transitions look like for partners vs. paralegals or executive assistants? Employee transitions can be fertile ground for a data leak or potential breach. You need to be able to ensure that emails, unstructured data, case file access, and user permissions are transferred over from and to the appropriate people and teams during a time of transition.
Want to learn more about building a proper data governance framework to meet the needs of your legal firm and its clients? We’ve got you covered from risk reporting and remediation to the data security component of GDPR.