This article is presented by Tom Lambotte, founder and CEO of BobaGuard, an Ebroker partner. Tom advises law firms on cyber security and helps protect them from cyber attacks, including cyber criminals. In this article, Tom explains that law enforcement agencies, especially small and independent ones, need to understand who and what cybercriminals want.
There is a target painted on your back.
It was put there by cybercriminals who want to steal all the privacy of your customers or hack your computer system and online accounts with malicious viruses and malicious ransomware.
You’re just kidding yourself if you think so–as a private attorney or a small law firm–that no hackers would be interested in targeting you. It is a mistake to think that you are invisible to them, to believe that the only law offices that appear on the radar screen of hackers are the ones with clients of Fortune 500 companies, A-list celebrities, and world-class athletes.
The truth is that the smaller your company, the bigger your goal. That’s because cybercriminals have figured it out—rightly so–that private lawyers and small law firms make easy choices.
This is not just a statement. Recently, Inc. magazine. has released the findings from the cybersecurity outfit showing that criminals tend to “target small businesses because small companies often have less security than those in larger companies.” In fact, according to Inc., more than 30 percent of US small businesses have computer weaknesses.
And, as a law firm, aren’t you a small business? Yes you are.
However, it gets worse. Small business owners don’t seem to care about all of this.
Earlier this year, a CNBC| SurveyMonkey Small Business Survey reported that only 5 percent of small business owners consider the risk of a cyberattack to be their greatest concern. Also, the researchers confirmed that the small business is less profitable.
Defense Spotty at Best
What I have observed for a long time as a consultant and internet marketer is that, when it comes to storing sensitive information, the computer systems in small law offices are often built with very little security (that is weak).
In most cases, this is due to a failure to acknowledge the existence of the target I mentioned. However, the problem can also be criticized by lawyers who convince themselves that the effective technologies and methods necessary to fully protect their computers are too expensive.
They are not very expensive. In fact, even freelancers can afford it. It is unfortunate that they think differently.
Second, cyberattack protection is often lacking in private and smaller law firms because lawyers tend to feel at a loss when faced with cybersecurity threats. Therefore, the temptation is to let data security issues slide and hope for the best.
If I have just expressed your opinion, an illustration may help you see the matter in a different light. So, let’s say you have a house where you live. If this is the case, you have a responsibility to yourself and to all the other people you live with to prevent termites from destroying the property and making the property uninhabitable.
But you don’t need to be an architect, a home improvement professional, or a licensed pest control professional to get the job done. You just have to recognize that you have a problem that needs to be fixed and have the problem to seek the right help. It’s no different from your computer and the threat of a cyberattack.
Of course, you may not be at the greatest risk of a cyberattack but for the sensitive information and passwords you have. These things are worth a lot of money on the Dark Web.
In order to gain access to your personal information, cybercriminals use many time-tested tactics. One such method is to send you phishing emails. Another is inviting you to download or directly open infected emails. There is also a trick to lead you to a trap page.
The Property Is On You
One big reason you can’t ignore your background check is that you have a responsibility outlined by the American Bar Association’s Model Rules of Professional Conduct to protect your credentials.
In each state (or states) in which you are licensed to practice law, your withholding of that fee is subject to your compliance with ABA Model Rule 1.6(c). Almost every licensing agency in every state has adopted Rule 1.6(c), but in a nutshell it states that you have an ongoing duty to protect customer information everywhere and in any way.
The ABA has developed a list of factors that members of your state’s advisory board should use when trying to decide whether or not to be successful in a cyberattack. protect customer information. These things are:
- The feeling of awareness
- The possibility of disclosure if other security measures are not used
- The cost of using additional security
- The more difficult it is to use that extra protection
- The extent to which additional security can prevent you from representing clients
Pro tip: one way to convince members of the disciplinary committee that you have taken steps to protect data is to show that you have logged all emails that contain customer information. Encryption makes it harder for cybercriminals to intercept emails they have no business seeing.
Encryption is only one aspect of security. There are more you can add than that. In fact, the more security you add to your system, the less likely a breach of service lawsuit that regulatory investigators will make against you, in the event of a breach. And to put it bluntly, the more layers you add, the less you’ll be in the hot seat to begin with – the extra layers won’t make your machine invincible, but it will prevent more cyberattack attempts.
Acknowledging that the threat of a cyberattack is real is half the battle. The other half is implementing the right security measures. Even then, there is no guarantee that you will eliminate the target on your back. But the target will stop being a neon beacon for cybercriminals looking to hit and knock on the softest of targets.