Protecting the Legal Industry

Travelers T logo
By Travelers
4 minutes
Last updated 1 March 2022
A close up of a desk at a business office. This desk includes a cup of black coffee served in a white cup on a white saucer, a laptop computer, a pair of glasses and newspaper.

How to help protect your law firm from cyber attacks

Preventing cybersecurity incidents is not just about having technology-based protections in place, but also adopting behaviours that can limit the depth and breadth of an attack. In fact, surprisingly for some, preventing attacks is no longer a realistic goal for law firms. Today, it's a case of responding as quickly and effectively as possible to the inevitable attack.

‘Cybercrime is overtaking all other forms of crime for the first time, so the need for protection is definitely there’, said Davis Kessler, Head of CyberRisk at Travelers Europe. ‘If a firm holding information for individual or corporate clients is breached — via malware, phishing schemes, or numerous other ways — the firm will be liable.’

As law firms adapt to the next generation of increasingly mobile workers, they continue to adopt technology and work arrangements that not only help them compete for talent but also compete for business globally. With that also comes cyber risk.

'We live in a world where work no longer happens within the confines of an office', said Max Ingwersen, Consultant with McKinsey & Company. 'Information is moving around the world like never before and you can't compete without being able to work from anywhere. Succeeding in the agile environment is about building awareness around what your risks are.'

Here are some tools and tactics to help your firm enhance its cybersecurity.

Strengthen your passwords

Stress the need for employees to use complex passwords that they do not recycle or use on other sites. Ideally, require the use of a password manager to ensure complex, single-site usage of passwords.

Enable two-factor authentication on frequently visited websites

The website twofactorauth.org provides a list of companies and organisations that offer two-factor authentication. You can also try an app called Duo, which you can install on your mobile device to secure other apps with two-factor authentication.

Train employees in how to spot a likely suspect

Your employees should know how to identify phishing emails or fake requests for credentials. Remember, if an employee spots and reports a suspicious email, there is an opportunity to block the attacker's IP address before a full-fledged attack begins. To keep employees on their toes, run frequent cyber simulation exercises in which employees must make the kinds of decisions they will have to make in the event of a live incident.

Review your rules for access

Classify data according to whether it is restricted, private or public. Restricted data should receive the highest level of security, with access limited to a need-to-know basis. Private data requires fewer security protections, whilst public data requires minimal security and restriction of access.

Perform a cybersecurity audit

Law firms are not always immediately aware that they were victims of a data breach, which can make them more vulnerable to future attacks. Engage experts to assess your firm's technology infrastructure and practices to identify vulnerabilities before and after a breach.

Obtain a cyber essentials badge to improve and demonstrate your cyber resilience

Secure a Cyber Essentials badge by adopting basic technical controls developed by the Information Assurance for Small and Medium Enterprises and the Information Security Forum.

Encrypt your email and files

If you don't already use encryption software to communicate with clients and store files, consider encrypting your email, which can help thwart business email compromise hacks and other social engineering attacks. To protect files, try the full-disk encryption feature available through your operating system.

Protect your employees' mobile devices with encryption and remote data-wiping software

Mobile device management software including Accellis, MobileIron and Sophos can all encrypt your smartphone data and, if you were to forget your mobile in a public place, allow you to wipe your device remotely.

Perform system updates and security patches in a timely manner and ensure data is backed up to a remote location

Make sure your firm performs system updates and security patches in a timely manner and backs up data routinely using a secure, remote service. And whilst it's tempting to assume your technology providers will have security in place, typically they do not suffer when their products go wrong or are subverted. In turn, that reduces the pressure they face to embed security within their products and services. Therefore, don't rely exclusively on your technology providers to deliver the level of security you need to protect the firm.

All employees should understand that they are responsible for the protection of information security at the firm. 'Very few companies are really ready for a breach', said Ian Birdsey, Partner and Head of Cyber at Pinsent Masons. 'Organisations and (their management teams) will be judged not on the fact that they have been subject to a cyber incident but on how they respond to it.'

Read more about why cyber thieves are targeting law firms and how you can protect your firm. Making sure your law firm is covered with the appropriate cyber breach insurance can help protect you in the event of a data breach.

Learn more about how to protect your law firm with legal sector insurance from Travelers.

More insights & expertise

Why Law Firms Need Risk Management

Law firm risk management is vital as scrutiny towards the legal sector grows. Learn how risk management can save your law firm from a risky situation.

Lawyers having a meeting in a conference room.

More insights & expertise

Improving Hybrid Workplace Culture for Law Firms

As employees return to the office, improving hybrid workplace culture is key for law firms. Discover why a strong culture is essential for hybrid law firms.

A professional man sits at his office desk looking at his phone.

More insights & expertise

Can Firms Change Their Biggest Risks?

The legal profession has likely experienced more transformation in the past 20 years than it has in its history – and yet, it can also be remarkably consistent.

Senior female lawyer working at laptop and talking on cell phone