Law firms hold critical, privileged and sensitive information entrusted to them, which, by default, makes them prime targets for hackers. Enhancing security controls while finding new ways to secure and store clients’ information on the firm’s network is imperative for any law firm hoping not to become the data breach headline of the day. A single breach in security will have an impact on a law firm’s reputation and potentially put it out of business, or worse, on the wrong side of the law.
Legal professionals need to ensure that sensitive data and communications remain “blacked out” except to authorized users, even if traditional perimeter defenses are breached. As legal professionals seek to reduce costs through decentralized cloud computing environments, the risks associated with the current methods of protecting critical data from cyberattack and exploitation are becoming increasingly apparent.
Compliance is mandatory; security is a necessity, and not an option. The consequences of a data breach include:
Loss of Competitiveness – Cybercriminals, and even honest mistakes, can circumvent information technology defenses. When this happens, purposely or unwittingly, valued privileged communications can be exposed and significantly weaken a firm’s ability to compete.
Compliance Breaches – If a firm is not protected from privileged communications breaches, then compliance with relevant policies and mandates is in serious jeopardy. Privileged communications breaches can lead to fines, lost business, malpractice and a host of other penalties.
Damaged Reputation – Client trust and access to new business continue to be precious commodities. A single communications breach hitting the headlines can quickly erode these hard-earned assets. Estimated losses from companies that have been breached have ranged upwards of $200 million.
Lost Productivity – The repercussions from the loss of privileged communications may cost a firm its competitive advantage while efforts at damage control sap resources from conducting daily business.
Where can a law firm begin to ensure it is both secure and compliant? The first step is to recognize its key vulnerabilities.
Here are five areas to examine closely to avoid data breach liability.
1. The Best Defense is a Good Offense
The phrase “the best defense is a good offense”, as it applies to cybersecurity, rests on the premise that “new ways to secure data” are required to enhance and support existing defenses. Data-centric security solutions are required that protect both “data at rest and data in motion”, even when a security breach of an existing network and/or data center occurs. Data security must be all-inclusive and support the full range of operations from internal and external communications to financial transactions, client records and other data in storage. The global legal community is facing an ongoing challenge of how to store and transmit data securely while still being able to access it quickly.
2. Encryption is Not Enough
Until now, bulk encryption combined with firewalls was the most effective solution for protecting data and other assets from internal and external threats. Encryption is the process of transforming information (referred to as plain or accessible text) into an unintelligible scrambling of code (referred to as cipher-text). It utilizes a secret key with an algorithm and is known as “ciphering”. The cipher-text (encrypted data) is designed to be decoded, transformed, and restored back into its original readable and understandable form by utilizing the original cipher algorithm and a secret key. The intent of this process is to secure and protect critical information from theft and exploitation.
These defenses were not enough to protect the myriad of Fortune 1000 organizations from data loss. In order to fill these types of security gaps, a next-generation data security solution that virtually eliminates the loss of sensitive information is imperative. New forms of MicroEncryption technology that uses MicroTokenization to encrypt each file individually down to the byte can prevent the mass data breaches that have made headlines almost daily.
3. Unsecured Email
Email continues to be the primary method utilized for business communication. Over time, cyber experts have learned that securing email is a complicated challenge. By default, email is “open” as it maneuvers through the Internet and intranets. Email that is not encrypted or protected in a secure manner can potentially be read, intercepted or altered while in transit. To stop these exploitations from happening, end-to-end encryption of email was introduced and widely adopted in the business marketplace. Because email protection is a critical requirement for most businesses, the decision is not whether to implement email protection services, but rather what the best methodology is and how quickly it can be implemented with the least user effort.
4. Mobile Device Hacking
The portability of laptops, tablets and smartphones can result in the complete loss of protection afforded by traditional network facility solutions. Today, a Wi-Fi hacking device can be purchased for less than $100 and allows access to a vast majority of wireless local area networks within seconds. A hacker with very little experience can gain access to a device within 30 feet of a coffee shop, restaurant, airport, or while driving down a highway or residential street. Recent studies found over 56% of laptops were broadcasting the name of their trusted Wi-Fi networks and 34% were willing to connect to highly unsecure Wi-Fi networks. Wireless Intrusion Prevention Systems (WIPS) offer some defenses; however, few companies make use of them. If a firm utilizes a cloud-based file sharing service, the only way to be safe is to utilize a solution that is certified by both the PCI Security Standards Council and HIPAA.
5. Unsecured Text Messages
By sending a simple text message, hackers are gaining the ability to access information and change control settings, and the user would have no indication a breach has occurred. A firm specializing in mobile security recently highlighted this vulnerability in a demonstration using information found on a typical business card.
Understanding where potential weaknesses lie is the first step in protecting any law firm. Ensuring these five areas are addressed can go a long way towards preventing devastating data breaches.
About the Author
Steven R. Russo is Executive Vice President of CertainSafe, a highly recognized award-winning developer of ultra-secure file sharing and messaging platforms. CertainSafe has developed a new method to secure sensitive data at the Micro level using the long-established tokenization process as well as MicroEncryption to add additional layers of protection. This newest technology is changing the way businesses and governments are managing security.