The risk of your law firm being hacked took on a new level of urgency recently when the White House approved a Pentagon plan to create an independent and more aggressive cyber command, “in order to beef up cyberwar operations against the Islamic State group and other foes,” according to the Associated Press.
The plan will put the “digital battlefield” on the same level as more traditional realms of battle on land, in the air, at sea and in space. The move reflects the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers.
The underlying message for law firms is that you are more vulnerable than ever to hacks, ransomware and viruses. If foreign actors could hack the 2016 election system, your firm may be a sitting duck for someone to steal your client’s IP, their credit card information, medical records and funds in trust accounts among other data.
CNBC reported that half of all small businesses in the United States have been hacked in the last year. It’s a coin flip.
And the cost of cyberattacks has never been higher. If you’re hit, your chances of survival are worse than a coin flip. According to the same report, 60 percent of businesses that get hacked go out of business in six months. It’s not quite “assured annihilation,” but if you don’t have the right protections in place it certainly will be for your firm.
Anti-Virus is Not Enough
A legal industry expert recently told me that if a small law firm’s system is breached, the firm may simply take bankruptcy. This seems like a draconian measure when you consider the time and expense of closing a practice then getting re-established elsewhere.
The time, money and hassle of following this path can be huge, to say nothing of the embarrassment of telling a client their data has been pilfered.
But many small law firms continue to drag their feet when it comes to this massive threat. Maybe they’ve heard it was too expensive. Maybe they heard it was time consuming. Maybe they heard that it would be too intrusive to their daily operations to finally “plug this leak.”
Another popular misconception is that your system is safe if you have anti-virus software installed. In October 2014, Brian Dye, senior VP of Symantec, said:
“Anti-virus is dead. Anti-virus is not able to keep up with the latest threats. It’s a dated, reactive technology that relies on inoculation code updates from the vendor. If the threat isn’t listed in the inoculation database, the threat passes right through! Anti-virus software is only 5% effective against a ransomware attack.”
Advances in cybersecurity have made it easier to implement and less expensive to have a patented, multilayered cybersecurity system that is proactive.
Your firm doesn’t have to have an IT person or a computer geek to lock down your systems with full cybersecurity.
This work can be outsourced. For instance, we have a program that is unique, patented and proprietary, allowing small law firms access to this powerful cybersecurity protection for not a lot of money.
Setting Up Your Cybersecurity
Here are some things to consider when setting up your cybersecurity.
- A solution to complement your existing security systems (including firewalls/antivirus/proxy server/antispam/cloud filtering).
- A solution that will block all untrusted executables.
- A solution that doesn’t require large amounts of processor, network bandwidth, or memory.
- A solution that provides insight over existing executables on the network environment.
- A solution that ensures there are no unauthorized programs running or with the potential to run.
- A solution that provides a full audit trail of executable programs, the libraries called, and the security account that ran them.
- A solution that cannot be bypassed by staff, administrators, junior IT staff or consultants.
Finally, the ideal cybersecurity plan for a small law firm should include a solution that stops all zero-day malware and ransomware from writing to the hard disk drive. If the malware cannot drop its payload, it cannot infect the endpoint.
If the U.S. government considers the threat of cyberattack on the nation’s institutions to be on par with “mutually assured annihilation,” the risk of a cyberattack on your firm has never been higher.
Craig A. Petronella