Law firms can spend a lot, or very little, and improve their cybersecurity, experts say
With hack attacks a fact of daily life, law firms need to be doing more to protect themselves against cyber breaches, experts say.
Those with 500 or more attorneys should have four key employees on staff, data security consultant Larry Ponemon tells the Am Law Daily (sub. req.).
They are: A cybersecurity chief, who reports to the executive committee; a “regulatory policy wonk,” who is familiar with applicable data-protection laws in all jurisdictions in which the firm works; a security architect, who checks to see that protective technology is functioning correctly; and a forensics expert ready to step in and deal with a breach on an emergency basis. Ideally, a fifth member of this team would focus on training lawyers and staff to be more security-conscious.
Ponemon estimates about 10 percent of law firms of this size actually do have a cybersecurity program staffed in this manner, which can cost millions of dollars annually.
Law firms that don’t have the resources for this level of oversight may still be able to improve cybersecurity without spending a lot of money, Charles Carmakal of FireEye tells the legal publication.
Many use the same administrative password for all systems, which is not recommended, he said. And lawyers eager to bring in business need to be more cautious about opening email attachments, which may be the bearer of malware.
