You’re likely tired of blogs and articles that talk about cyber security. Unfortunately, we continue to see law firms stuck in the dark ages that either have been data breach or cyber security targets or will be soon. Don’t make yourself an easy target. Many firms have not taken the needed steps to address the issues facing anyone who ventures out into the 2018 cyber world.
The top 2018 threats that you need to be prepared for are:
1. Ransomware: Where malicious software is placed on your machine and/or network and your computer access is held hostage until money is paid.
2. Technology Obsolescence: If software updates and new technology are not implemented in a timely fashion, breaches can occur.
3. Encryption: Keeping client data safe on all devices.
4. Bring Your Own Device (BYOD): When employees bring their own laptops and cell phones onto your network, security can be compromised.
5. Remote Access: Working remotely requires a secure link to the office.
6. Email Phishing scams: Even savvy employees fall for emails that look like they came from legitimate sources.
7. People: Most breaches trace back to human error. Your employees are your weakest link but training can improve this.
A 2017 PwC study reported that employees and outside vendors account for over 50% of the data breaches. Even though we all have cyber targets on our backs, learn to be as small a hack target as possible.
Keys for Cyber protection in 2018:
1. Build a Culture of Cybersecurity: Embed security in the daily routine and provide training for employees, vendors and even customers if necessary. Awareness and standards for appropriate conduct are key.
2. Establish IT Governance: Understand and manage your IT hardware and software, ensuring adequate support and upgrades, whether using inside or outside experts. Scrimping on technology can leave you wide open to a breach. For example, running Windows 7 is just asking to be hacked.
3. Regularly Review Internal Policies and Procedures: Cyber security is just as important today as finance and administration. Hire an outside firm if you lack the expertise.
4. Ensure your 3rd Party Partners are not easy targets: When you link or use others’ software or have contractors on your network, invest in proper training and security for those users. Vet all the partners and vendors. Do not allow 3rd party problems to become your problem.
5. Invest in IT: No matter what the firm size, adequate training and resources for cyber security are a must. Remember, everyone in your firm can be the source of a breach.
6. Purchase Cyber Insurance/Data Breach Coverage: Even if you have done everything right, data breaches happen. Make sure that you have cyber insurance with both 1st and 3rd party coverages and understand what is and is not covered.
7. Know What to Do: In case of a hack or data breach, be prepared with a plan prior to the breach.
A well-established cybersecurity culture that includes training and an understanding of the threats facing your firm is necessary. Firms need to make the necessary improvements, such as training, phish testing, requiring two-factor authentication for remote access, and funding intrusion detection and prevention systems. Lastly, remember that most cybercrimes originate within the firm. Great cyber security is no substitute for old-fashioned checks and balances.