Cyber Risks for Law Firms: 4 Safeguards to Protect Your Practice with Zahn Nel

As lawyers increasingly rely on technology, now more than ever, law firms need to implement measures to safeguard their business. In our course, Lawyers' Ethical Duties in the Digital Age, Zahn Nel, CIO of FilePro Legal Practice Management Software, explores 4 critical safeguarding measures and provides practical steps law firms can take to protect their firm against cyber risks. 

Safeguard 1: Improve password security 

What was once optional is now necessary. In particular, 2-factor authentication (2FA) is quickly becoming mandatory for business cyber insurance. In addition, lawyers should also improve their general password hygiene. This includes replacing generic firm-wide passwords with passwords unique to each lawyer that are complex and changed frequently.  

Safeguard 2: Review remote work setups

At the start of the pandemic, law firms had to move quickly to enable their employees to work from home (WFH). Often, this led to many firms adopting ad-hoc and insecure solutions exposing critical data safeguarding gaps. Today, when WFH has become the norm, many law firms still rely on the same solutions - continuing to put themselves and their clients at risk. 

Another example relates to the use of Office 365 and emails. Many law firms have reported compromised accounts, resulting in fake emails being sent as replies after the emails have been intercepted. Office 365 does provide an MFA solution that prompts users every time they log in from a new device. However, this solution needs to be enabled to provide protection for remote working. Not all firms have done this, which exposes them to greater vulnerability to cyber risks.

• [Insight] Why Lawyers Love to Hate Legal Innovation
• [Free Resource] Email Ethics for Lawyers: How to Navigate the Perils of Email
• [CPD Course] Lawyers’ Ethical Duties in the Digital Age
• [CPD Course] Ethics and Email

Safeguard 3: Have a designated IT Champion

Does your law firm have a designated IT champion? If not, get one! Having a go-to person who actively participates in discussions on IT security procedures and strategies is critical as they will know the firm's current manual processes and culture. 

Besides being comfortable with procedures and technology, this person should preferably have a senior position at the firm. This makes it more likely that new cyber security standards filter effectively throughout the entire business, resulting in a more comprehensive approach toward IT and cyber security

Safeguard 4: Assess real costs and benefits

Conducting a cost-benefit analysis is vital in deciding how much to invest in a solution that delivers outstanding service to your clients while providing high data security. 

When doing this review, it's critical also to include the potential financial cost and the impact on a firm's reputation in case of a data breach or other cyber risks. Small, incremental steps can contribute towards a strong foundation for your firm's IT security.

More tips for improved cyber resilience:

Discover our new course, "Lawyers' Ethical Duties in the Digital Age" for a deep dive into how technology impacts the legal profession.