Security Assessments and Pen Tests for Law Firms
January 28, 2021
The Perfect Storm is Headed Your Way
The way law firms operate has undergone a drastic change over the past year, in both the physical and digital worlds. We saw law firm employees working remotely, a heavier reliance on cloud-based technology solutions and services, and firms operating on a reduced budget through the economic crisis caused by the pandemic. Some law firms have thrived, while others have floundered, unable to pivot and adapt quickly.
The new norm has created an operating environment that hackers once could only dream of. What has been proven over the past year is that cybercrime rises during times of crisis and law firms are still slow to respond. Ransomware is the number one cybersecurity threat that we now face. The perfect storm has been created and is heading towards your firm if it hasn’t arrived already.
What exactly do we mean? Users are now accessing confidential client files from their kitchen or home office through personal computers, tablets, and outdated Wi-Fi whose configuration has not been updated since the Internet Service Provider installed it. Employer-provided systems are not universal, even among the largest of firms. Users are now responsible for keeping their software and operating system patched with critical updates.
Two-factor authentication, which Microsoft states will stop 99.9% of account takeover attacks, remains unused, even though it is provided at no cost with your Microsoft 365 subscription. Encryption of laptops, while commonly discussed, is rarely implemented. Our country was shut down abruptly; this prevented most firms from carefully planning and evaluating the new cybersecurity landscape. They faced immediate changes in the way they worked. Plain and simple, they were not prepared.
Law firms recognize that there are security problems within their networks. Many just don’t know where to start to identify and fix them. Others accept the risks of taking no action.
All is not lost. There are steps that law firms can take now to get control of the situation, to identify where the problems exist and remediate them. The first step is realizing that something needs to be done. The next step is finding where the problems exist, and that is accomplished through a security assessment.
Security Assessments Are Essential
You can’t fix what you don’t know is broken. We are now at a point in time where attorneys are receiving requests from clients or prospective clients for an independent security assessment, or for proof that one has recently been performed. Many are also being asked to provide a client or prospective client with their firm’s cybersecurity measures, along with any documentation or guidelines. Law firms inquiring about cyberinsurance are often required to have an assessment performed to become eligible for coverage. Assessments are becoming THE way to prove (and document) that you take cybersecurity seriously.