Protecting Your Clients’ Data is Your Responsibility: How to Close Your Law Firm’s Cybersecurity Gaps
Stéphane Nappo, 2018 Global Chief Information Security Officer of the Year and world-renowned cybersecurity leader once said, "It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it."
In legal services, where trust, confidentiality, and credibility are of utmost importance, small to mid-sized law firms can no longer afford to neglect a strategic, proactive approach to their information technology and security.
The Kentucky Bar Association has also weighed in, issuing a Formal Ethics Opinion in 2018 stating that attorneys have an ethical responsibility to implement cybersecurity measures to protect clients’ information.
What measures do you have in place to protect your network and your clients’ information from cyberattacks? Don’t fall for the belief that "it’s not going to happen to me." Small to mid-sized businesses are increasingly targeted by cybercriminals, and confidential client information is a high-value target for cybercrime.
Ransomware: A Costly Threat to Law Firms
For that reason, small to mid-sized law firms must remain vigilant in understanding their cyber risk and the threats they face. One of the most prevalent and potentially damaging threats today is ransomware, a type of malware that infiltrates the victim’s network and encrypts their data. The hacker then demands that the victim pay a ransom to regain access to their data. Ransomware is particularly dangerous because it can infect not just a single hard drive, but also any data within the victim’s network or server. Ransomware attacks can even strike the cloud.
The ransom demanded by the criminals is just a part of the total cost of a ransomware attack. Organizations must also factor in the cost of the downtime resulting from the attack, the average of which increased from $141,000 in 2019 to a staggering $274,200 in 2020.
Unfortunately, it’s not uncommon to have a false sense of security regarding your cyber threat readiness. Organizations that fall victim to ransomware usually have protection measures such as antivirus software and firewalls in place. But amid a quickly evolving cyber threat landscape, these tools alone are not strong enough to protect your firm, your clients’ data, and your reputation.
Building Your Cybersecurity Layers
A determined hacker will find and exploit any gaps or weaknesses in your defenses, which is why we recommend a multi-layered approach to cybersecurity.
With a layered approach, each component of your cybersecurity plan has a backup to counter any flaws or gaps. This approach aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, voluntary guidance that integrates industry standards, guidelines, and best practices to help organizations understand and manage their cybersecurity risks.
The NIST Cybersecurity Framework includes five primary functions: Identify, Protect, Detect, Respond, Recover. Your cybersecurity layers should enable you to identify and protect your firm from cyber threats, detect when a bad actor has breached your defenses, and position your firm for the best possible outcome when responding to and recovering from a breach.
In regulated industries, following the NIST Cybersecurity Framework can help organizations comply with regulatory and compliance standards for data security, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
Your Network Security Checklist
Following the NIST framework, you can start building your cybersecurity layers. Below is our essential network security checklist. If you are not already doing these things, you should be—whether through your internal IT department or with the help of a managed service provider:
- Security Awareness Training. With 94% of malware delivered by email, your firm’s security is in the hands of your people. Security awareness training is essential to equip your end-users with the information they need to make smart decisions and protect themselves and your entire organization from harm.
- Sophisticated Password Policy. Up to 73% of passwords in use are duplicates, which means if your password is leaked in one data breach, any other account using that password is also compromised. Password policies set organization-wide rules about password strength and complexity (e.g., irregular capitalization and special characters) to prevent password re-use, prohibit weak passwords, and improve your network security.
- Multi-Factor Authentication. Often referred to as two-factor authentication, multi-factor authentication (MFA) requires users to provide multiple forms of verification in order to sign in to an application or account. MFA is highly effective, blocking more than 99% of unauthorized login attempts, even if a hacker has a copy of a user's current password.
- Firewall. A firewall monitors incoming and outgoing network traffic based on a set of rules, acting as a barrier between a trusted network and an untrusted network. It controls access to your network by only allowing traffic that has been defined in the firewall policy.
- Web and Content Filtering. This software blocks content transmitted over the internet or via email that is deemed inappropriate or dangerous. These filters are a key tool in protecting your organization from spam, malware, phishing attempts, and more.
- Patch Management. "Patching" refers to the process of distributing and applying updates to software and firmware. These patches address functionality errors or "bugs," boost performance, and close security gaps that would otherwise leave your systems, software, and applications vulnerable to cyberattacks.
- Endpoint protection. Think about all the devices your firm uses: laptops, workstations, and mobile devices, but also printers, scanners, copiers, security cameras, and more. Every device connected to your network is a potential entry point for hackers—and an endpoint that needs to be protected.
- Backup and Disaster Recovery. Part of your business continuity plan, backup and disaster recovery refers to your process for backing up and restoring your data and getting your systems and network up and running again after an IT or business disruption. Business continuity and disaster recovery (BCDR) solutions can also mitigate damage and downtime following a ransomware attack. In fact, four out of five small businesses with BCDR recover from a ransomware attack within just 24 hours.
- Dark Web Monitoring. The dark web is home to many illegal activities, including the sale of stolen data such as the personally identifying and sensitive information leaked during customer data breaches. Dark web monitoring tools scan the dark web for email addresses and passwords within your firm’s domain so you can identify and address these exposures before they can be exploited by a hacker.
- Managed Detection and Response. This advanced security solution combines next-generation monitoring software and a 24/7 security operations center to identify and isolate suspicious behavior on your network in real time. If your preventative measures fail, these tools act as the security cameras that catch cybercriminals sneaking into your network and the alarm systems that alert you to the breach before the cybercriminals can execute an attack.
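The password policy item above describes the rules in words; the following is an added illustration (not code from the article or from any product it mentions) of how such a policy is enforced in practice. It checks a candidate password for length and complexity, rejects entries on a weak-password blocklist, and prevents re-use by comparing the candidate against salted hashes of the user's previous passwords, so the history store never holds passwords in the clear. The class and function names, the policy thresholds, and the short blocklist are assumptions made for this example; a real deployment would load a published breached-password list instead.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Constructed blocklist for this example only; real deployments use a
# published breached-password list with millions of entries.
WEAK_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}


@dataclass
class PasswordPolicy:
    """Organization-wide rules: minimum length, character classes, history depth."""
    min_length: int = 12
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    history_size: int = 5  # how many previous passwords may not be reused

    def check_strength(self, candidate: str) -> list[str]:
        """Return the list of policy violations; an empty list means acceptable."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if self.require_upper and not re.search(r"[A-Z]", candidate):
            problems.append("no uppercase letter")
        if self.require_lower and not re.search(r"[a-z]", candidate):
            problems.append("no lowercase letter")
        if self.require_digit and not re.search(r"[0-9]", candidate):
            problems.append("no digit")
        if self.require_special and not re.search(r"[^A-Za-z0-9]", candidate):
            problems.append("no special character")
        if candidate.lower() in WEAK_PASSWORDS:
            problems.append("appears on the weak-password blocklist")
        return problems


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-entry random salt: the history store keeps
    # only salted hashes, and identical passwords do not yield identical hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class UserPasswordHistory:
    """Salted hashes of a user's previous passwords, used for re-use checks."""
    entries: list[tuple[bytes, bytes]] = field(default_factory=list)  # (salt, hash)

    def was_used_before(self, candidate: str) -> bool:
        # Re-hash the candidate under each stored salt; constant-time comparison.
        for salt, digest in self.entries:
            if hmac.compare_digest(_hash_password(candidate, salt), digest):
                return True
        return False

    def record(self, password: str, history_size: int) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _hash_password(password, salt)))
        del self.entries[:-history_size]  # keep only the most recent N entries


def change_password(policy: PasswordPolicy, history: UserPasswordHistory,
                    candidate: str) -> list[str]:
    """Apply the policy to a password change; on success, record it in history."""
    problems = policy.check_strength(candidate)
    if history.was_used_before(candidate):
        problems.append(f"matches one of the last {policy.history_size} passwords")
    if not problems:
        history.record(candidate, policy.history_size)
    return problems


if __name__ == "__main__":
    policy = PasswordPolicy()
    history = UserPasswordHistory()
    for attempt in ["Password1", "Correct-Horse-42", "Correct-Horse-42"]:
        print(attempt, "->", change_password(policy, history, attempt) or "accepted")
```

Running the block shows the blocklisted password rejected with several findings, the strong password accepted, and the same password rejected on its second use. The re-use check is the part most often skipped in home-grown implementations: it only works if the history holds salted hashes rather than a simple list of old passwords, which would otherwise become a second store of credentials to protect.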
The First Step? Understand Your Risks
Ransomware attacks cost organizations thousands of dollars to pay the ransom, recover data, restore their systems, and protect their networks from repeat attacks—not to mention lost business, productivity, and reputational damage. And yet, all too often firms rely solely on their incident response plan—the response and recovery actions taken after a breach has already occurred—as their cybersecurity program.
Instead, pair your incident response plan with these essential cybersecurity layers focused on mitigating your risk and preventing a breach from happening in the first place.
Has your firm ever had a cybersecurity risk assessment? If you don’t know what security measures your firm currently deploys or you are still relying on the same tools you used even a few years ago, your firm, your data, and your clients are all at risk.
A cybersecurity assessment will proactively identify gaps in your current IT infrastructure to help you understand potential security threats, the associated risks (e.g., downtime from ransomware), and the impact they may have on your firm so that you can shape a security strategy that protects your valuable, confidential data and preserves your clients’ trust.
This article was originally published in the April 2021 edition of the Northern Kentucky Bar Association's Lex Loci.