Five Tips to Strengthen Security in Your Law Firm

by

No profession depends more on the confidentiality, integrity and availability of its data than law firms.

The information they collect forms the basis of all of their cases. Without it, they can’t represent their clients.

Because of the nature of that data, which includes PII, PHI, confidential and proprietary information, not to mention potentially embarrassing revelations, attorneys will be in the crosshairs of cyber criminals for the foreseeable future.

In fact, an analysis of public records by Law360 found that nearly 50 law firms reported data breaches in 2020 and that most were small and boutique firms. And that’s not all …

“There are probably many more attacks than what you’ve listed here. They just have not been documented in any official way,” said Claudia Rast, co-chair of the American Bar Association’s cyber security legal task force, to Law360.

The overwhelming majority of the 50 breaches (80%) was caused by human error or insider incidents.

To strengthen your firm’s security, consider the following five tips:

  • Secure Your Mobile Devices with Passcodes, Biometric fingerprint access, and Encryption
  • Create a culture of cyber security in your firm with policy-based Security Awareness Training
  • Watch Autocomplete in Emails to avoid inadvertently sending an email to the wrong person
  • Ensure remote devices and computers get the same protection at home and on the road as in the office
  • Consider multi-factor authentication on critical entry points to your network, such as computer logins, to prevent criminals from accessing it with a stolen user name and password caught up in a data breach that had nothing to do with your firm

SMBs Not too Small to Hack

by

A colossal data breach like the one of Solarwinds should serve as a reminder that small business owners, too, need to keep an eye on their cyber security measures.

While data breaches at small businesses don’t generate those kinds of headlines, they do cause pain in the affected SMBs including not only financial losses but also operational disruption and loss of time and reputation.

In the past year, 35 percent of small businesses who experienced a data breach either closed their doors or filed for bankruptcy,  according to a survey of 1,006 small business owners by the National Cyber Security Alliance.

Additionally, in a 2019 Ponemon Institute study, 66 percent of SMBs said they suffered a cyber attack in the previous year, 69 percent said an attack eluded their intrusion detection system, and 57 percent reported succumbing to Social Engineering attacks like phishing emails.

The fact is, you’re not too small to hack.

Cybercriminals continually tune the efficiency of their mass attacks on small organizations because they handle the same types of sensitive information as large enterprises but don’t have the sophisticated security measures that big companies deploy.

They have also learned to target specific small businesses because of the unique value of their data or because of their relationships with larger companies.

So, the need for SMBs to pay attention to their data’s security has never been greater.

But, just how do you protect your data without breaking your bank account?

In its Q1 2020 Wave Security Awareness and Training Solutions document, titled “Behavior and Culture Reign Supreme over Awareness and Punishment”, Forrester Research determined that the best security awareness training vendors aim to change negative employee behaviors by fostering a culture of cyber security within organizations.

Threatucation’s motto has always been “Creating a Culture of Cyber Security in Small Organizations”. We have long championed this approach over phishing email simulations designed to punish an employee with a bad score for succumbing to a phishing test.

While phishing simulations are part of Threatucation’s Cyber Security Awareness Training program, we really create a culture of Cyber Security with our unique policy-based approach that helps employees understand the reasoning behind the policies, the ramifications of violating them to the company, co-workers, customers and board members, and how to recognize and properly react to cyber attacks.

The whole process takes just 3 steps, starting with a Cyber Security Risk Assessment to ensure the security measures you ultimately choose to protect your business actually match your data security requirements.

For a free, no-obligation Cyber Security Risk Assessment for your business, contact us at info@threatucation.com or 302-537-4198.

Data Breaches pose grave threat to SMBs

by

One of the most frightening and controversial statistics used in cyber security and cyber insurance advertising regards the impact a data breach has on a small business.

As the narrative goes, 60% of small businesses file for bankruptcy within six months of a breach. That number is often attributed to the National Cyber Security Alliance.

That’s a frightening number for obvious reasons but controversial because the National Cyber Security Alliance says it never stated or reported that figure.

So perhaps in response to the controversy that has embroiled the organization for the past half-dozen years over that claim (google it to see how many times it appears in the search results), the Alliance commissioned a survey of 1,006 small business owners and CEOs to get a better handle on what the actual figure might be.

The results aren’t a whole lot more encouraging.

More than one-third of small businesses responded that they filed for bankruptcy or closed their doors after a successful cyber attack. That’s 25 percent who filed for bankruptcy and 10 percent who went out of business.

That’s certainly not in the 60 percent stratosphere but it should give small business leaders enough pause to ensure that their cyber security measures meet their data handling needs.

In addition, 63 percent of small businesses in a 2019 Ponemon Institute study conducted for Keeper Security said they had suffered a data breach in the previous 12 months. Keep in mind this is just the percentage of small businesses that suffered a data breach, not the actual number that were attacked, which is 100 percent as every SMB receives phishing emails on a regular basis.

I state this often but it bears repeating often — you cannot protect your business with guesses. You must know what risks your specific business faces to make the most cost-effective decisions regarding the cyber security measures you need. The only way to do that is with a Cyber Security Risk Assessment.

If you need help with that, call Threatucation at 302-537-4198. Mention this blog post and we’ll conduct a free, no-obligation Cyber Security Risk Assessment for you.