Home » Uncategorized » How Can Law Firms Manage Cybersecurity Risks

How Can Law Firms Manage Cybersecurity Risks

While cybersecurity is constantly evolving, law firms are recognizing the impetus for enhanced security. According to the ABA, cybersecurity is the the most prominent risk law firms are experiencing in 2017. Law firms that recognize this risk have taken steps to mitigate the cyber threats however cybersecurity has not become fully incorporated in the day-to-day processes of many offices. Unlike various professions that have incorporated cybersecurity into their everyday lives rather than relegating the task to IT experts, the legal profession falls behind in the cybersecurity investment. This problem is primarily attributed to cost-restrictive measures where money is invested in a small group of people that focus on cyber threats without really teaching employees how to protect their information.

Despite the above concerns, clientele are becoming a primary contributor to implementing enhanced cybersecurity measures. Since law firms handle a large volume of sensitive client information, they are a major target for cyber criminals. As more and more client information is stored electronically, growing concerns from clients are prompting action from law offices to ensure clients peace of mind and protection. At this point, the majority of law firms are playing cybersecurity catch-up in relation to other professions. Since law firms are notoriously known for being resistant to change, this change, which has been mandated by some clients, may produce rather drastic differences within the working law office structure. Introducing these new safety measures must be met with enhancing employee training and knowledge to respond to cyber threats.

In order to combat the growing concerns involving cybersecurity, the ABA Journal offers various proposals on how to keep client information safe. Senior-level engagement is a priority when implementing cybersecurity measures, as accountability among senior partners is a key aspect in implementing security measures across the firm. Knowledge gaps must also be addressed, and the ABA has provided firms with more access to basic information about cyber safety and how to take individual measures to protect sensitive information on a daily basis. In addition, keeping up-to-date on national standards (from the National Institute of Standards and Technology and ISO/IEC 27001) assist with ensuring compliance and can provide firms with additional resources.

In addition to education about cybersecurity and implementing proactive safety measures, it is also advantageous for firms to consider reactive plans when a hacker obtains access to a firm’s sensitive information. Creating an incident response plan, that goes beyond the traditional crisis management policy, are filled with specific roles and responsibilities that should be performed immediately after a breach is detected. This can only be accomplished through organization-wide coordination starting from the management to every partner and associate. The chain of command and responsibilities must be company-wide. By allowing these changes, law firms can become better equipped to protect against increasing threats and know what to do when a breach occurs. Protecting client information is of the utmost importance to retaining clientele and protecting their sensitive data. The more information that is stored electronically, the greater the risk for cyber threats, the legal profession is no exception and cannot afford to stall when it comes to enhancing cybersecurity in the digital age. http://www.abajournal.com/magazine/article/managing_cybersecurity_risk

Kristen Schulz