4. Update software – especially when it is no longer supported
This costs money, which is a major reason many firms don’t do it. The thinking is comparable to keeping an old car – it’s running fine, so there is no good reason to spend money buying a new one.
But that makes sense only as long as the software is supported. After that, it is a bit like continuing to drive the old car when you can no longer get service or parts for it. If the water pump goes, you’re stuck with a much more expensive problem than if you’d upgraded earlier.
And when a system is no longer supported, that means it is no longer patched. It is another version of the leave-the-door-open syndrome.
5. Block executable files, compressed archives and unidentified users
While human failure can always undermine technology, that doesn’t mean tech can’t offer a measure of protection. If “.exe” or zip files are blocked before they reach users’ inboxes, employees can’t click on what they never see.
The network should also be configured to block any unidentified users from modifying files.
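The attachment blocking described in tip 5 can be sketched as a gateway-side check. This is an added example, not code from the article or from any mail product: the blocked extensions, file signatures, function names and sample messages are all assumptions made for illustration. It checks the leading bytes of each attachment as well as its name, so an executable renamed to look like a document is still stopped.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example: what the gateway refuses to deliver.
BLOCKED_EXTENSIONS = (".exe", ".zip")
BLOCKED_MAGIC = {b"MZ": "Windows executable", b"PK\x03\x04": "zip archive"}


def blocked_reason(part):
    """Return why a message part is blocked, or None if it may pass."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as "a.exe".
    name = (part.get_filename() or "").lower().rstrip(". ")
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return f"extension {ext}"
    # The extension can be renamed; the leading bytes of the file cannot.
    payload = part.get_payload(decode=True) or b""
    for magic, kind in BLOCKED_MAGIC.items():
        if payload.startswith(magic):
            return f"content is a {kind}"
    return None


def filter_message(raw):
    """Return (deliverable, findings) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text" and not part.get_filename():
            continue  # plain message body, not an attachment
        reason = blocked_reason(part)
        if reason:
            findings.append((part.get_filename(), reason))
    return (not findings, findings)


def build_sample(filename, data):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "associate@example.com"
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed sample: a few header bytes only, not a real executable.
    print(filter_message(build_sample("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 16)))
```

A message that fails the check would be quarantined or delivered without the attachment; that choice is left to the gateway and is not shown here.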
6. If you use cloud storage, make sure your firm controls the encryption key
Simek said some cloud providers don’t allow users to define the encryption key, “because they fear that if the user forgets (it), their backups will be useless. Although that is certainly a possibility, if a firm is planning to use a cloud-based backup, it will want a provider that allows it that control,” he said.
7. Make your cybersecurity program meet the needs of potential clients
An increasing number of clients are using security consultants, “to give them a template that they can tailor to their own needs depending on the type of data they have and the size of the firm they are looking at hiring,” Parker said.
Zeughauser said one of the things law firm executives say “keeps them up at night” is the increasing demand for security from clients. “Their clients are telling them, if you don’t do all those things, you’re not going to pass our audit and we’re not going to hire you,” he said, adding that technology is on track to become the second-largest annual expense of law firms, exceeded only by the cost of staff.
“For 60 to 70 years, the second biggest expense has been rent,” he said.
There are standards that will certify a firm’s cybersecurity, including ISO 27001, but Parker said only a few firms have adopted it. That may be in large measure because it is both expensive and time-consuming.