The Legal Industry and Cybersecurity Risks

A 2021 Cybersecurity Tech Report from the American Bar Association (ABA) informs law firms about the rising data, network, and cloud service risks. ABA’s 2021 Legal Technology Survey (statistics provided in the 2021 Cybersecurity Tech Report) examines cybersecurity protection and threats throughout law firms from reporting attorneys. This intersects with clients’ right to privacy. Attorneys have a duty to protect their clients. They must also follow cybersecurity guidelines for this reason. The report provides law firms, attorneys, and clients with measurable insights to improve cybersecurity.

What Are the Ways Cybersecurity Influences the Legal Industry?

A revealing aspect of the report is the substandard security practices. Most of the legal industry doesn’t even have cybersecurity considered basic by professionals. 

• 25% of attorneys and/or law firms encountered some kind of data breach in 2021

Attorney-client privilege requires lawyers to safeguard their data against cyberattacks. Unfortunately, hackers can exploit client information through weak cybersecurity. 

The ABA report outlines several technology rules attorneys must follow:

1. There are appropriate cybersecurity systems supporting client privacy
2. Attorneys give clients technology awareness and seek clients’ consent
3. Leading attorneys supervise all employees involved in the case

Legal obligations hold law firms and lawyers accountable to law duties. They ensure client information protection “relating to clients and other personally identifiable information.” Those in the legal sector understand the full spectrum of security. Identification, response, recovery, and ethics are equally beneficial. 

How Is Cybersecurity Handled?

As with state and local government, a consequential step for the legal industry is security coordination. This initiative will establish cyber safety management and responsibility.

The survey also indicates the disjointed nature of cybersecurity in proportion to firm size:

• 80% of respondents have primary responsibility in solo firms

Where chief security officers have primary responsibility:

• 13% of firms ranging from 100 to 499 attorneys 
• 16% of firms that have over 500 attorneys 

The ABA resolution bases law firm size as an indicator for cybersecurity programs. Budget, allocation, and amount of stored private information scales with the company. 

Another issue for cybersecurity practices is the exclusive views on policies and programs. Cybersecurity merges all aspects of technology. Although, it’s not always viewed that way, but as a separate burden that businesses push to focus on other concerns.

An incident response plan is necessary for cybersecurity, but only 36% of respondents have one. There are disparities among firm sizes that make it difficult to set cybersecurity. In smaller offices, there may be just one person handling IT. The responsibility could also be up to each individual lawyer. In larger corporations, IT responsibility may not be appropriately distributed or could get lost in the chain of command. 

How Do Breaches Impact Lawyers?

In 2021, firms of varying sizes experienced a breach:

• 17% in solo or firms with 2-9 employees
• 35% for firms with 10-49
• 46% with 50-99
• 35% with 100

Breaches caused a lot of reportable impacts:

• 36% of participants revealed that downtime/loss of billable hours affected their firms 
• 31% ended up paying consulting fees to mitigate cyberattack damages 
• 13% suffered complete devastation of critical files 
• 18% needed to replace technology devices

For firms with 50-99 attorneys, 26% underwent a disaster of some sort, either fire or flood. Overall, it affected 15% of law firms. These “acts of God” accidents can put companies of any type or size out of business. Unfortunately, almost half of attorneys (48%) say they have a disaster recovery/business continuity plan.

What Security Tools Support Cyber Safety?

Security tools can help prevent data loss. Law firms should employ a few, if not all, available to them:

• Spam filter
• Software-based firewalls
• Anti-spyware 
• Mandatory passwords
• Antivirus for emails, networks, desktops, and laptops
• Hardware firewalls
• Authentication and access controls
• Multifactor authentication
• Encryption
• Intrusion Detection Prevention software (IDS)
• Intrusion Prevention software (IPS)
• Pop-up Blockers 
• Network antivirus 
• File access restrictions 
• Employee monitoring
• Backup software and recovery 

Why Should Law Firms Consider Backup Recovery? 

In addition to these security measures, backup recovery guarantees that when breaches occur, data is not lost. Most cybersecurity professionals agree that there are either companies aware or not aware that they’ve been breached. 

The survey listed statistics regarding backup and law firms:

• 3% don’t back up their computer files
• 33% don’t know about backup

Types of backup include:

• 28% use external hard drives
• 25% use online backup
• 25% use offsite backup
• 12% use network-attached storage
• 7% use a USB
• 5% use cloud
• 4% use RAID
• 5% use CDs
• 3% use tape 
• 2% use DVDs
• 2% use another form of backup all together 

Solo and small firms generally use external hard drives and online backup. In larger firms with over 50 attorneys, respondents stated that they were uninformed about their work’s backup strategy. 

Experts in the cybersecurity space advise companies to run “multiple backups, including offline and offsite backups.” Maintaining backups is a part of cybersecurity hygiene. 

Respondents answered the frequency with which they were running backups: 

• 41% use constant live backup
• 26% used daily backups
• 10% backed up their data more than once a day
• 9% ran backups weekly
• 3% ran backups monthly
• 1% ran backups quarterly
• 10% didn’t know how often backups ran

Again, a good portion of participants was unaware of how often backups took place at their company. This answer increased with the firm size. 

What’s the Future of Cyberattacks and Why Should the Legal Industry Prepare?

Law firms are not immune to cyberattacks, even while most hackers target manufacturing industries. Forbes published an article on how “law firms are [an] increasingly…attractive target because of the nature of their business.” Depending on the sort of legal work and classified information, the legal space can have materials and knowledge attackers can exploit. Corporate data and tax returns are two examples of highly coveted documents. Hackers can steal sensitive information and then withhold or release it until law firms pay the ransomware price. 

One issue that Forbes mentions is the need for government agencies to protect the legal sector. Some law firms handle and store government secrets. They hold “information of interest to nation-states.” While this calls for tightened cybersecurity, “law firms [are] reluctant to share information on attacks for fear of losing control of confidential information.”

The article speaks to security tools that can be a force against looming cyberattacks.Security is central to software design at Macrium. Our applications give you complete control over where your data is stored and will operate fully offline for the most secure, air-tight networks.

Backup recovery stands out as insurance for when hackers take data. Macrium Software works with law firms to provide a solution based on pre-existing systems. Therefore, there’s no need to switch from cloud-based or [comparison]. Macrium provides businesses with backup solutions in case of breaches, ransomware, or cyberattacks. Check out our website to learn about installing effective backups to prevent data loss at Macrium.com.