We recently asked our legal technology experts for advice on enhancing law firms’ cybersecurity in 2021.
Q: What trends are you seeing with law firm IT security?
A: The biggest trend I see relates to malware and phishing attacks on email systems. This threat has increased significantly since Covid struck the country last year. Most users are still working remotely and by themselves and may not have IT experts readily available to review a potentially suspicious message. End user training is key to fighting these attacks, and ongoing security education must continue with remote workers.
The biggest thefts of money and reputation tend to revolve around tricking a legitimate user to click on or reveal a critical password or bit of personal information. A training program that continually educates users on how these attacks work is the way to solve the issues. Performing exercises and running IT-sponsored phishing campaigns to test how users can spot these attacks are excellent tools to help the first-line defenders, your users, steer clear of these threats.
A successful malware attack can cost many thousands of dollars to a law firm in terms of lost hours and reputational damage. Cleaning up from any type of ransomware attack costs far more than the education program to prevent it.
Q: How did law firms change their IT security approaches to survive 2020?
A: Being nimble enough in IT operations and security to stand up remote access solutions was key last year. In the past, remote access might have been reserved only for the billers or high earners in a company. With entire offices forced to go remote, being able to quickly stand up 20, 50, 100 or more new remote access seats was critical to keeping firms afloat. A good identity management program that validates users via a password and multi-factor authentication also was important to success.
When Covid struck in late March, a law firm that had already moved to a cloud desktop environment was mandated to shut down. With the remote access already set up, the firm was able to pick up right where they left off the next day. This amounted to minimal effort by IT because the remote solution was already in place. Read the case study here (link).
Another client was in the middle of implementing a remote desktop solution this past spring when Covid hit. The project was fast-tracked, and all users were on cloud desktops by the end of the second day after a mandatory shutdown. If the organization had been operating on traditional on-premises desktops, the entire law firm would be unable to work since the office was closed. Supporting cloud applications and cloud desktops allows for greater flexibility in support and scale. This has only accelerated this past year and will continue in 2021.
Q: Did 2020 change anything else in law firm IT security?
A: When home users in the past asked to work remotely, IT would give minimal specifications on the home internet setup. A basic internet connection, and maybe a firewall was specified by the IT team. But when home internet became so important to keeping the business running, IT had to adapt and support home environments in a more vigorous fashion. With all the home internet access, security policies have had to be adapted to support the new norm. By extending more of the home office into the firm and vice-versa, designing a secure solution has become so important. Robust firewalls, VPN setups and reliable internet have become just as important at home as they were at the office. Every computer on the home system is now a possible threat to law firm IT security. The IoT devices, home school laptops, and even the printer are all possible new ways to gain access to corporate data.
Q: What changes in IT security should we expect in 2021 and beyond?
A: I see a continued acceleration of security audits performed by vendors and clients. With the Panama Papers leak, many organizations see data loss as being a number one issue for compliance and loss of reputation. Knowing how your partners and vendors protect data is important in maintaining attorney/client privilege, ISO certifications, HIPAA, GDPR and California’s CCPA compliance.
Expect to see ever-increasing malware attacks. This is due to a lack of security training, and the low adoption of multi-factor authentication for critical email infrastructure. Expect to see companies pay large consulting fees to migrate off legacy operating systems such as Windows 7 and Server 2008. There are still many organizations that have these systems in place. It is a ticking time-bomb and a vector for malware, which will eventually run afoul of security audits.