Digital espionage is estimated to cost American companies over $50 billion per year, according to the Harvard Journal of Law & Technology, and 10% of advanced cyberattacks were targeted at law firms. A recent study published by the American Bar Association estimates that the average data breach costs $7.2 million, with an average cost of $214 per client record.
Here are 4 ways your law firm can protect itself from getting hacked.
Each data storage location increases your overall exposure to possible compromise, and multiplies the effort you have to expend to keep data secure. Minimizing the number of storage locations and devices will simplify your data security program and decrease the chances of overlooking a vulnerability. Despite recent events, storing sensitive data at a central cloud location with strong access controls and monitoring (ask about Heartbleed exposure) is often better than managing data storage systems yourself.
“Data at rest” is an IT term that simply refers to inactive stored information. There are two approaches to keeping inactive data safe from hacking: access controls and data encryption. Encryption is a way of scrambling information according to a certain pattern, so that only the users who have access to that pattern (or “key”) can unscramble it and make it readable. Encryption technology is an excellent way to prevent data theft, since even if the database is hacked, the thieves won't be able to actually use the material they steal.
When data is in transit, it can be subject to eavesdropping or tampering at various points in its journey. Prior to transferring any customer data, ensure that the site domain name matches what you expect, and that the URL shows “https” instead of just “http”. Email should not be considered a secure transport channel unless steps are taken to encrypt the message before sending it. By default, all emails, particularly those which travel outside of your own domain, are unencrypted and are subject to eavesdropping and theft.
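The pre-transfer check described above (expected domain name, https) can be automated. The following is an added example, not part of the original article; the host name in the allowlist is a constructed placeholder, and the function name is hypothetical. It also rejects two common lookalike tricks: text placed before an `@` in the URL, and non-ASCII or punycode host names.

```python
from urllib.parse import urlsplit

# Constructed allowlist (hypothetical): the only hosts client data may be sent to.
EXPECTED_HOSTS = {"portal.example-lawfirm.com"}


def check_transfer_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for a URL that client data is about to be sent to."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    # 1. The URL must use https, otherwise the data travels unencrypted.
    if parts.scheme != "https":
        return False, "not https"

    # 2. Anything before '@' is login info, not the site; the real host follows it.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present before '@'"

    # urlsplit lowercases the host; a trailing dot names the same host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"

    # 3. Non-ASCII or punycode labels can imitate the expected name visually.
    if not host.isascii():
        return False, "non-ASCII host (possible lookalike)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host (possible lookalike)"

    # 4. Exact match only: 'expected.com.other.net' is a different site.
    if host not in expected_hosts:
        return False, f"unexpected host: {host}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "https://portal.example-lawfirm.com/upload",
        "http://portal.example-lawfirm.com/upload",
        "https://portal.example-lawfirm.com@files.example.net/upload",
        "https://portal.example-lawfirm.com.files.example.net/upload",
    ):
        print(sample, "->", check_transfer_url(sample))
```
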
The final piece in a program of keeping client data safe is to make sure that devices themselves are safe. The Journal of the American Bar Association highlights a survey showing that 36% of lawyers who use smartphones have lost them at some point, and 46% of those lost phones were not even protected by a password of any kind.
Following the outlined principles will help ensure that your law office’s client data is only stored in absolutely necessary locations, is protected with access controls and encryption, is transmitted securely, and resides on safe, malware-free devices. Enacting a cloud-based security program will give your clients confidence in the professionalism and discretion of your practice, and will comply with American Bar Association standards for taking reasonable, competent measures to protect client information.