There are so many ways for a law firm to become more profitable, which go beyond the standard approach of cutting costs and obtaining more business. The COVID-19 pandemic has made safety and adherence to procedures requirements of an attractive business model. And the new hybrid work environment has caused new data safety concerns, which require new and tighter procedural requirements to combat them. Due to this current chaotic business environment, the law industry has become one of the industries most susceptible to cyber-attacks. Every firm, no matter how big or small, must now protect itself. So, what can a firm do to reduce the threat of being hacked?
Well, the weakest link in a law firm is the human being, so training is key. All employees and business partners must be properly trained. They also need to feel comfortable speaking up when something does not appear to be appropriate. So, how does management create such an environment?
Because so many firms are embracing a hybrid work policy, it is more important than ever that people “meet.” These meetings can be remote or in person, but they have to be scheduled regularly, and with a goal and objective in mind. Everyone should be encouraged to actively participate. So, people cannot be chastised for their opinions, no matter how unpopular their views might be. It’s better to have an internal conversation, within the firm, than to involve a client or business partner with data security issues that could have been avoided. Additionally, and perhaps more importantly, a law firm does not want to spend its time, money, and resources dealing with a successful cyber-attack.
Leaders must be able to recognize what they do not know. Most likely, they are not as knowledgeable as they could be about cyber-security. A good first step would be to reach out to trusted experts—their cloud provider, their time & billing provider, and their document management team. These are business partners with whom they are already working; they can provide training and guidance as to how to avoid attacks.
Any remote-work policy implemented in a firm must be understood and adhered to by everyone. It makes good sense to include the firm’s cloud provider, time & billing provider, and document management provider when designing a remote-work policy, to ensure that all appropriate issues are addressed. This also provides a great way to get employees to work together—with business partners and with each other.
All software applications need to be intuitive—easy to understand and to use. And they must remain current in today’s fast-paced environment. Easy access to help and IT assistance is also a necessity, especially when working remotely.
All employees need to be aware of the pitfalls of social media. A policy specifying what can and cannot be posted on all social media platforms must be in place and reviewed periodically with everyone. This training has to become part of new employee orientation as well. It also should be discussed as part of all exit interviews. Former employees need to understand the ramifications of negative posts. To combat such social media pitfalls, some firms have invested in software that monitors employees’ activities on their network. Of course, this must be implemented with employee knowledge. Unfortunately, resorting to this type of monitoring may cause other administrative issues. Mentoring employees on their use of social media may be another option, which will be discussed in a future article.
Law firms may want to share their cyber-security knowledge with their clients. The safer a client feels with a firm, the more likely that client will remain a client and refer others to the firm. When applicable, law firms should provide cyber-security CLE (Continuing Legal Education) credits, and other credits, not only to their employees but also to their clients. Offering a client cyber-security training significantly differentiates a law firm from its competitors.
Recently, cyber-liability insurance premiums have increased significantly. A firm should reach out to its broker and ask what it can do to reduce the insurance premium. Insurance companies are usually willing to offer help and suggestions, and will reduce premiums when certain security measures are met. Many insurance companies are requiring dual-factor authentication; it is no longer an option. Yes, it can be cumbersome, and it involves another step when logging in to access the firm’s private data, but this additional security is becoming the norm. Consider it similar to installing a deadbolt on the door of a residence.
In summary, protecting all information is a basic requirement in today’s environment. It is no longer an option. Law firm leaders need to listen to their business partners, employees, and clients regarding cyber-security issues. No longer can a leader spout “we’ve always done it this way.” That mindset can literally bankrupt an organization and its owners. Relevant education is the key to remaining safe.
Published by Zola Suite June 9, 2022