These days, cybersecurity is top of mind for most lawyers. This is because unsuspecting law firm employees are increasingly falling prey to sophisticated phishing and ransomware schemes, oftentimes distributed via email. Once an employee unwittingly clicks on a phishing link or a link infected with malware, law firm data can be hacked, or even worse, held hostage.
As the results of the ABA’s latest Legal Technology Survey Report show, this heightened risk has resulted in law firm’s incorporating increased security measures into their firm’s systems and day-to-day processes. According to the Report, more firms are appointing someone – or hiring someone- who is responsible for law firm data security. For solo and small firms lawyers, that person is most often a lawyer in the firm, with 84% of solo lawyers reporting that’s the case, as did 29% of lawyers from from firms of 2-9 attorneys. For firms with 10-49 lawyers, the two top choices were a person who is a member of their IT staff or is an external consultant or expert (29% each). Finally for the larger firms with 100 or more lawyers that person is often the chief information officer, with approximately 50% reporting that’s the case.
The lawyers surveyed shared that their firms employ a variety of security precautions. For starters, nearly a third of lawyers surveyed (32%) reported that their firms had a full security assessment conducted by an independent third party. Another popular security measure was spam filters with 86% using them. Next up was firewall software (80%), closely followed by anti-spyware (76%), and pop-up blockers (74%).
Other types of security tools used by 50% or more of law firms include desktop or laptop virus scanning (68%), mandatory passwords (68%), email virus scanning (67%), network virus scanning (64%), and hardware firewalls (52%). A few of the less popular types of security tools used by fewer than 50% of the firms included file encryption (44%), email encryption (38%), file access restriction (38%), intrusion prevention (34%), intrusion detection (32%), web filtering (25%), whole/full disk encryption (22%), and employee monitoring (21%).
The lawyers surveyed also indicated that their firms’ clients were a driving force behind the adoption of security measures, with 26% reporting that a client or potential client asked their firm for security requirement documents or guidelines. Another 18% shared that a client or potential client has asked their firm to complete a security questionnaire, and 11% reported that a client or potential client requested a security audit or other review of their firm’s security.
Because of the increased cybersecurity threats, the use of cyber liability insurance is on the rise, with 33% of firms taking out policies (compared to only 17% in 2016). Other precautions taken by the firms included physical security measures such as entry security (59%), locked or secured server room and computer locks (36% each), or a password management tool (21%).
Finally, despite all of the above cybersecurity precautions, 26% of lawyers reported that their firms had experienced a security breach such as a lost or stolen computer or smartphone, an attack by a hacker, a break-in, or a website exploit). And, 36% indicated that their law firm technology had been infected with a virus, spyware, or malware.
The fact that more than one third of all law firms had experienced a virus, spyware, or malware infection is no surprise, since email and employee actions are often the weakest links when it comes to law firm security. In many cases, law firm employees receive phishing emails and unwittingly click on dangerous links, leading to the installation of malware on the firm’s servers that allows hackers to obtain confidential information. Malicious actors can even lock down the entire system and hold the data for ransom, which is not an uncommon occurrence in recent years.
The good news is that lawyers now have more options than ever when it comes to securing their law firm’s systems and communicating securely. In recent years, technology has improved significantly, and more secure electronic communication methods have emerged, rendering unencrypted email insufficient for certain types of client communication, as the ABA recently acknowledged in Formal Opinion 477. In this opinion, the Ethics Committee concluded that unencrypted email may not always be sufficient for client communication, and that lawyers may want to consider more secure methods of communicating and collaborating with clients, including a “secure internet portal.”
That’s why more and more firms are choosing to use client portals to securely communicate. According to the Report, 29% of law firms now offer clients access to a secure client portal, up from 22% in 2017. Some of the top ways that lawyers reported that their firms used client portals include document sharing (42%), messaging and communication (38%), invoicing and bill payment (34%), and case status updates (23%).
We’re proud to report that MyCase was in the top 3 for legal-specific products used to offer a secure client portal for communication and collaboration!
To learn more about how to use client portals to improve security and streamline communication in your law firm, make sure to download this FREE guide, “Fixing the Communication Problem.”