Law Firms Under Cyber Siege: 5 Lessons for 2018
It’s no secret that in the law firm world, we are under siege. From hacktivists to regular crypto-attacks, law firms across the country are feeling the pain from cyber events. Most of the headlines, understandably, cover the fallout from such occurrences at the largest firms. However, small and midsize firms are much more susceptible to damage from cyberattacks because of lower IT budgets and smaller cash reserves to withstand, at a minimum, significant financial losses.
These are five hard lessons that our clients learned in the past year that can help you improve your systems before you are attacked.
1. Even a no-name firm’s business can be interrupted. One small firm felt (correctly) that it was not a target. They do general practice work (litigation, corporate advice, real estate, etc.) and serve small and midsize companies and their executives. But the firm was attacked by a tech robot from Asia, leaving the firm unable to access their systems for three days. It doesn’t appear that the firm was specifically targeted; it was merely one of the millions of companies attacked every day. Its clients were inconvenienced by the slowdown in work product, and some of them had to be told that their private data may have been stolen.
2. Bad internal communication can hurt you in times of crisis. When there is a cyber incident — especially one that affects all firm employees — it is critical to act fast in a unified manner. Our client didn’t have all employee contact information in a second location outside the firm network. When the network was compromised and determined to be off limits, it was difficult to communicate with all employees with proper instructions regarding work location and which services could be used. The firm now has a cyber response plan that includes all employee contact information and important vendors to limit business downtime when there’s a cyber crisis.
3. Poor IT standards hurt during reboots. During a recent firm-wide rebuild of their systems following a cyber event, one of our clients was delayed because their lawyers had a bad habit of storing their emails in their inbox for years. Each lawyer had tens of thousands of emails, making the rebuild process much longer than it needed to be.