How Law Firms Can Implement a Cyber Security Program

CHICAGO, April 19, 2017 /PRNewswire/ -- Here's a scary statistic: One in four law firms with 10 to 49 attorneys has experienced a data breach, according to the American Bar Association's TechReport 2016 survey. And this security threat isn't just significant — it's growing. Last year, just 14 percent of firms of that same size said they suffered a data breach.

Law firms are warehouses of data, holding client information and other sensitive documents that are of considerable value to hackers. Larger firms also may be the target of foreign government- or corporate-sponsored cyber attacks seeking to obtain valuable intellectual property, insider trading insights, information pertaining to government contracts and international corporate strategies. Smaller firms also are vulnerable to some of these risks, and may become the target of cyber criminals seeking to steal personally identifiable information, personal health information, tax records and billing information of clients and of the firm. To enhance protection against cyber threats, many firms already use common data security tools such as spam filters, anti-spyware, software-based firewalls and virus scanning. However, these tools do not ensure comprehensive protection.

"One of the best lines of defense to a cyber threat is the human factor. Firms should actively raise awareness among their staff of potential phishing and email scams that often circumvent any firewall that the firm may have in place," said Michael Barrett, Esq., Risk Control Director, Lawyers Professional Liability Program at CNA. "In addition, firms should create a positive culture in which employees are encouraged to report accidental opening of suspect emails and attachments. Oftentimes, these scams have a 'timing element' involved."

In order for law firms to close their cyber security gaps, they should implement eight specific security risk management measures.