May 7, 2018

Law Firms: An Appeal for Better Cybersecurity

Law firms are notoriously slow to embrace new technology, but in today’s digital age, implementing new technology is critical in avoiding cyber attacks and protecting your firm from costly breaches. Law firms are often targets of cyber attacks due to the plethora of sensitive information to which they have access. When highly-confidential information such as client materials and financial data is compromised, so is a firm’s reputation and bottom line.
Unfortunately, the ability to protect law firms from cyberattacks has grown increasingly difficult. According to the cybersecurity firm Mandiant, “At least 80 of the 100 biggest firms in the country, by revenue, have been hacked since 2011.” This statistic is likely to grow as ransomware continues to sophisticate and expand. However, there are several strategies law firms can implement to mitigate security risks:

  1. Create Strong Passwords: One simple way to protect company information is by enforcing strong password requirements. Passwords with eight characters including uppercase and lowercase letters, numbers and symbols are generally strong. Employees should avoid passwords that include words related to personal information such as addresses, birthdays or pet names, because these are most susceptible to attacks. Passwords should also never be ‘abc12345’ or ‘password.’ Employees should immediately update weak, shared or compromised passwords to new, robust and completely unrelated passwords. Not doing so in a timely manner can jeopardize a company’s confidential information.
  2. Set Screens to Auto Lock: Employees should program laptops and computers to lock automatically after a period of inactivity. This security measure ensures that devices are not accessed by unauthorized users. Once the screen locks, a password is required to access the device’s the main desktop. Employees should never leave a device unattended but if they do, auto-locking will improve overall company security.
  3. Download Security Software that Automatically Updates: Law firms can improve their cybersecurity by installing security software that automatically updates and provides real-time protection. Whether there are errors in the operating system or improvements to security tactics, companies want their software updates to automatically install on employee computers. Additionally, employees should conduct periodic backups using a reliable cloud storage provider in order to prevent data loss.
  4. Implement Full-Disk Encryption: Full-disk encryption protects sensitive information by converting and saving information as a file that is difficult for unauthorized users to understand. To further protect this information, employees should never access files on public computers or unsecured Wi-Fi networks. If accessing confidential information away from the office is necessary, employees should only connect through authorized, encrypted networks.
  5. Implement Training and Develop a Response Strategy: Within seconds, a hacker can completely wipe a law firm’s protected data. Law firms should work closely with their insurance brokers to perform vulnerability and penetration testing, effectively train employees to recognize common threats like social engineering and phishing schemes, and ensure that all cyber threats are properly analyzed and adequate coverage is in place. Brokers can also help law firms develop a response plan that employees rehearse often so that if a cyberattack occurs, it is quickly eradicated. Employees must be familiar with who to contact, when to contact and what type of documentation should be recorded throughout the breach.

Cybersecurity is no longer just an IT issue. Cybersecurity is relevant to every aspect of a business – especially law firms.  According to the American Bar Association Journal (ABA), “91 percent of cyberattacks begin because of an employee.” Therefore, all personnel should be regularly trained on these strategies to mitigate risks in order to protect their clients, their reputation and their bottom line.

Bradley Watts
The Graham Building
Philadelphia, PA, 19102
(215) 701-5428




We’re happy to answer any and all of your questions. Let us help you find coverage solutions that work best for you.
contact us >

Similar posts

What You Need to Know About Cyber Liability Insurance

In today’s news headlines, a week doesn’t pass without a mention of a large company experiencing some type of cyberattack or breach. Examples of high-profile cyberattacks in the news over keep reading >

What Employee Ownership Means for Our Clients

The insurance industry remains a hot target for growth and consolidation. Last year, we saw a spike in mergers and acquisitions among insurance brokers with 537 total deals, according to keep reading >

Graham Advisor – Volume X Issue 2 2018

In this issue, Ken Ewell discusses the growth of Graham Company and a recent honor bestowed upon Bill Graham. Tom Morrin, in collaboration with Ben Evans of the University of keep reading >

Ask The Expert: Builders Risk Insurance

What is builders risk insurance? Builders risk insurance is a specialized type of property insurance designed for buildings under construction or renovation and covers the materials, supplies and equipment that keep reading >