Here are five hard lessons our clients learned in the past year. They can help you improve your systems before you are attacked.
1. Even a no-name firm’s business can be interrupted. One small firm felt (correctly) that it was not a target. It does general practice work (litigation, corporate advice, real estate, etc.) and serves small and midsize companies and their executives. But the firm was attacked by an automated bot from Asia, leaving it unable to access its systems for three days. It doesn’t appear that the firm was specifically targeted; it was merely one of the millions of companies attacked every day. Its clients were inconvenienced by the slowdown in work product, and some of them had to be told that their private data may have been stolen.
2. Bad internal communication can hurt you in times of crisis. When there is a cyber incident, especially one that affects all firm employees, it is critical to act fast in a unified manner. Our client didn’t have all employee contact information in a second location outside the firm network. When the network was compromised and determined to be off limits, it was difficult to reach all employees with proper instructions about where to work and which services could be used. The firm now has a cyber response plan that includes contact information for all employees and important vendors to limit business downtime when there’s a cyber crisis.
3. Poor IT standards hurt during reboots. During a recent firm-wide rebuild of their systems following a cyber event, one of our clients was delayed because their lawyers had a bad habit of storing their emails in their inbox for years. Each lawyer had tens of thousands of emails, making the rebuild process much longer than it needed to be.
4. Loose IT permissions can be your Achilles’ heel. A firm’s entire system was breached because it erroneously allowed each attorney who was logging in remotely to adjust their own security settings. No one likes extra, time-consuming security steps, but once the firm decides to implement security protocols, IT must “hardwire” the software systems to only follow those rules.
5. Insurance coverage can make a big impact during claim time. A client recently improved their cyber coverage to include business interruption and a robust rebuild reimbursement just two months before a major cyber event hit their firm. The full financial impact is still being evaluated, but the firm is very happy knowing that at least the coverage will be there. The insurance company’s coverage of these major costs has helped the firm spend time and resources on working with their clients during this time of crisis.
The effect of cyber claims on law firms is just starting to be realized. Your IT consultant may very well be terrific and you may be investing in technological protection, but the “bad guys” are pretty smart and becoming more aggressive every year. It is not a question of if you will be impacted, but when. By taking these lessons to heart, you can learn from the mistakes of other firms. A good audit of your cyber hygiene and training schedule — and working with an insurance broker who understands cyber coverage for law firms — can make all the difference.