Cyber Risks for Law Firms: 4 Safeguards to Protect Your Practice with Zahn Nel


Zahn Nel - FilePro CIO and LawCPD Contributor

As lawyers rely increasingly on technology, law firms need, now more than ever, to implement measures to safeguard their business. In our course, Lawyers' Ethical Duties in the Digital Age, Zahn Nel, CIO of FilePro Legal Practice Management Software, explores 4 critical safeguarding measures and provides practical steps law firms can take to protect themselves against cyber risks.

Safeguard 1: Improve password security 

What was once optional is now necessary. In particular, 2-factor authentication (2FA) is quickly becoming mandatory for business cyber insurance. Lawyers should also improve their general password hygiene. This includes replacing generic firm-wide passwords with passwords that are unique to each lawyer, complex, and changed frequently.

Safeguard 2: Review remote work setups

At the start of the pandemic, law firms had to move quickly to enable their employees to work from home (WFH). This often led firms to adopt ad hoc and insecure solutions, exposing critical gaps in data safeguarding. Today, when WFH has become the norm, many law firms still rely on the same solutions, continuing to put themselves and their clients at risk.

Screen sharing is an example of a highly insecure remote working method, which, unfortunately, many law firms still use. This approach requires the computer and screen to be left open in the office while the lawyer works from home. As a result, anyone in the office, such as cleaners, maintenance, or other staff, can view what your team is working on without authorisation.

If firms are required to lock up physical client files, why treat digital files any differently?

Another example relates to the use of Office 365 and emails. Many law firms have reported compromised accounts, where emails were intercepted and fake replies were then sent from the account. Office 365 does provide an MFA solution that prompts users every time they log in from a new device. However, this solution needs to be enabled to provide protection for remote working. Not all firms have done this, which leaves them more exposed to cyber risks.

Safeguard 3: Have a designated IT Champion

Does your law firm have a designated IT champion? If not, get one! Having a go-to person who actively participates in discussions on IT security procedures and strategies is critical, as they will know the firm's current manual processes and culture.

Besides being comfortable with procedures and technology, this person should preferably have a senior position at the firm. This makes it more likely that new cyber security standards filter effectively throughout the entire business, resulting in a more comprehensive approach toward IT and cyber security.

Safeguard 4: Assess real costs and benefits

Conducting a cost-benefit analysis is vital in deciding how much to invest in a solution that delivers outstanding service to your clients while providing high data security. 

When doing this review, it's also critical to include the potential financial cost and the impact on the firm's reputation in case of a data breach or other cyber incident. Small, incremental steps can contribute towards a strong foundation for your firm's IT security.

More tips for improved cyber resilience:

4 long-term strategies to build your firm's cyber resilience:

  1. Align insurance policy requirements with the firm's cyber security strategy
  2. Rehearse cyber security incidents and the correct response
  3. Reach out to your insurance broker to get examples of cyber security incidents that affected businesses similar to yours
  4. Form a relationship with the “insurance response team”; this will be useful in case of an incident

3 practical steps you can take today:

  1. Reach out to your tech provider to learn best practices on cyber resilience for law firms. Don't navigate these issues alone!
  2. Visit the ACSC website to review the Essential 8 Maturity Model and compare it with your systems.
  3. Get staff on board by introducing ongoing training on best practices.

Discover our new course, "Lawyers' Ethical Duties in the Digital Age", for a deep dive into how technology impacts the legal profession.