Just as legal professionals were becoming acclimated to the latest public health and economic upheavals, geopolitical tensions emerged to undermine any sense of stability.
Proving once again our interdependence and vulnerability to seemingly far-off challenges, the U.S. government has issued repeated warnings over the past months that cybersecurity attacks against Western businesses and organizations could be part of any attack by Russia on Ukraine. Despite little evidence of any widespread success with such attacks against U.S.-based businesses so far, such warnings only further reiterate to legal professionals the necessity of carefully managing their cybersecurity.
With the pandemic-driven move to remote work, threats to the digital infrastructure that makes safe and secure work possible are even more prevalent and serious. While cybercriminals may not be interested in all the information legal organizations generate, they are certainly interested in your clients’ data.
Here are three useful-to-remember cybersecurity phrases for uncertain times like these:
- Don’t set it and forget it.
- Defense-in-depth or layered security.
- Your people are your best defense (and weakest link).
Cybersecurity professionals have long preached about these concepts, which have gained widespread credibility as we continue to navigate through recent crises. As technology and events evolve, vulnerabilities and hacks change. Firms can’t rely on a single security solution to never fail — especially if it isn’t updated or an attacker finds a route unprotected by that solution. Backups are essential. Informing colleagues of potential threats and actively using multifactor authentication are key best practices. Take an extra moment to create a new email or pick up the phone to confirm requests for funds or confidential information. It will save a lot of time, heartache and money down the road.
The client information — discovery, agreements, details — held by law firms is attractive to hackers and, whether it’s a foreign actor or run-of-the-mill criminal, it can be weaponized in its own way. Constantly staying on top of your firm’s cybersecurity coverage and training users to be cybersecurity aware may sound more like information technology work than the practice or business of law, so talk to your colleagues who work with well-regarded, industry-experienced managed service providers.
These experts may be able to help you confront your biggest challenges or provide you with ongoing support. Being interdependent doesn’t mean going it alone.