Trustwave Blog

5 Highly Effective Ways for Law Firms to Protect Client Data

Cybercrime is evolving rapidly and targeting all types of businesses. Where once the chief victims of cybercrime were retailers and banks, with hackers primarily hoping to steal credit card details and fraudulently gain access to accounts, their ambitions are now much larger in scope.

Today, almost every sector in every industry is a potential target - and that includes the legal industry, where hackers seek to steal valuable data, including details about litigation and pending deals.

In fact, legal firms appear to be moving quickly up the ranks of companies most likely to be compromised: Anecdotal evidence suggests that all of the major law firms in the United States have been hacked at least once. It's no wonder that security is now the No. 1 anxiety facing law firm management.

This is exacerbated by the fact that the implications of a data breach are arguably worse for legal firms than for those in other industries. Putting regulatory compliance aside (although changes to European Union regulations mean that soon fines for data breaches will be highly punitive), legal firms must avoid reputational damage that follows the loss of sensitive data. Put simply, the ability of clients - especially big businesses - to trust their lawyers with their most important information is absolutely fundamental to the effective running of the legal profession.

The good news is that there are a number of steps law firms can take to ensure client data is kept as secure as possible:

Assess the risk

A critical first step is to review your entire IT infrastructure - from the data center to end user devices - identifying areas where data could potentially be lost or stolen.

Protect all data

With valuable data to be found across the entire enterprise infrastructure, it's critical to ensure the data is adequately protected in the data center and the application layers. Ensure these entryways to and repositories of critical data are locked down from an access and encryption perspective, are regularly scanned for vulnerabilities and misconfigurations, and are properly patched.

Deploy advanced security defenses

Legal firms are threatened by a range of advanced persistent threats, including spear phishing, which are used by cybercriminals to gain a foothold in the organization's network. Such attacks are best confronted by web security gateways specifically designed to protect businesses in real time from threats like malware, zero-day vulnerabilities and data loss.

Put in place a response plan

Most firms will get hacked. The important thing is to detect the intrusion and respond rapidly, and this means having an incident readiness and response plan in place. Many large corporate customers of law firms are increasingly asking to see these plans, so having them at the ready is also becoming pivotal to customer retention.

Train all members of the firm

Many of the threats facing law firms come from social engineering techniques, which manipulate people into helping the cybercriminal gain a foothold on the enterprise system. Train all members of the law firm to be on the lookout for fraudulent communications that might look legitimate, but aren't. Staff should also be mindful of other risks, such as sending emails containing confidential files to computers outside of the corporate firewall.

Jane Dotsenko is Trustwave marketing manager for the EMEA region.