Guest Column | July 6, 2016

5 Ways To Protect A Law Firm's Data

By Chris Crellin, VP of Product Management, Intronis

Cybercriminals are everywhere, and they target everyone — from SMBs to large enterprises, government agencies, nation states, and even political organizations including the Democratic National Committee (DNC), which announced in June its networks had been breached. Hackers are working 24 hours a day, seven days a week, 365 days a year to find and exploit vulnerabilities that allow them to steal confidential and sensitive data and sell it to the highest bidder. Are some more at risk than others? You bet.

While breaches at retailers, healthcare agencies, insurers, banks, and financial institutions have snagged recent headlines, law firms have seen their share of security incidents as well, including 2015 computer network breaches at Cravath Swaine & Moore and Weil Gotshal & Manges, two of the nation’s most prestigious firms. These two firms are not alone, though, and in March 2016, Crain’s Chicago Business reported a Russian cybercriminal targeted close to 50 elite law firms across the U.S., attempting to steal data in order to trade on insider information. Do you see a trend here?

Many law firms don’t take the time or have the resources to fully combat these threats. Others simply don’t understand how real or dangerous these threats are to their businesses. Either way, law firms are a great target for cybercrime — and an awesome prospect for MSPs and IT solution providers. And don’t forget, these guys bill three times what the average MSP or IT pro does, so be competitive and don’t lowball your services.

How To Win The Case And Protect The Data

When data is stolen from a law firm, or any business for that matter, it can place a great deal of strain on financial resources. For starters, the firm must notify everyone whose data was compromised in the breach, investigate and control the breach, and cover the costs of any litigation and/or fines that result from the breach. Then, there are all of the intangible costs that must be accounted for — damage to the firm’s brand and reputation, the loss of customers, and even a decline in the value of the business.

Here are five ways an MSP or IT solution provider can help law firms protect their critical data and information so that any of the aforementioned financial ramifications will become a moot point.

  1. Educate the end user. Knowing what the business is up against is half the battle. The best way to prevent cyber attacks is to educate the law firm’s end users on their network and show them how to turn off auto-downloads for e-mail attachments, save and scan attachments before opening them, and avoid clicking on pop-up windows and advertisements in web browsers. MSPs and IT solution providers should also be diligent about helping law firms select and deploy technology solutions that comply with industry regulations such as HIPAA, FINRA, and PCI DSS. They can add value by working with their customers to train staff members on proper procedures and protocols for safeguarding client records and sensitive personal data as well.
  2. Implement the right backup and data protection solution. One technology that plays a crucial role in protecting critical business data is backup and disaster recovery (BDR). While there are a number of different options — from popular “freemium” services to business-grade data protection — MSPs and IT solution providers can guide law firms in selecting the right solution by verifying that the level of security complies with industry-specific regulations for data storage, transfer, and retention.
  3. Check the compliance box. If an organization is found to be non-compliant with HIPAA, FINRA, PCI DSS, or other regulatory standards due to the use of new software or infrastructure solutions, it is liable to pay hefty fines and risks its reputation in the event of a data breach or other security incident. MSPs and solution providers can help to prevent this from happening by ensuring the law firm is compliant.
  4. Put security safeguards in place. For law firms, the threat of data theft is as dangerous as actual data loss, so best practices include having an intrusion-prevention system in place and security software running on their computers. These can include anti-virus software, firewalls, spam filters, and multi-factor authentication, as well as utilizing third-party pen testers to verify network security. MSPs can help ensure that all security patches are up to date and deploy new patches on a regular basis for their law firm customers.
  5. Document security policies. MSPs and IT solution providers can further differentiate themselves by helping their law firm customers establish company-specific security policies that work to educate associates and guide behavior, in addition to protecting the business and adhering to regulations.

The key take-away here for MSPs and IT solution providers is that the legal services industry is ripe with opportunity, but knowing how to navigate this lucrative field requires precision and accountability, selecting the right vendor partners and assuming nothing. By listening, learning, and teaching the customer, MSPs and IT solution providers will be helping their customers keep cybercriminals at bay and driving their own business success at the same time.

Chris Crellin is Senior Director of Product Management for Intronis MSP Solutions by Barracuda, a provider of backup and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.