Cybersecurity is integral to successful business operations in many industries, but it is arguably most critical in the legal industry. Why? One word: information. Information has become one of the most valuable assets in today’s world. Law firms are the hubs of a staggering array of confidential data, including privileged client information, financial data, intellectual property, and employee records. Lawyers access and use this data on computers, smartphones, and tablets. While lawyers may be experts in the practice of law, they are typically not experts in computer technology.

If you think your firm is well protected from outside threats because your firewall is solid and there is no way hackers can use brute force to access your network, think again. It’s not a question of IF your firm will get hacked, it’s a matter of WHEN. When that time comes, what can your firm do to minimize the damage and recover quickly? There is no magic bullet or single solution. Cybersecurity for law firms requires a holistic and layered approach. Here are five practical ways you can strengthen your firm’s efforts.

1. Educate employees on what’s acceptable and what’s not

The most important part of any security policy is employee awareness. One action (or lack thereof) from a single person can expose your firm to significant risk, regardless of how much money was spent on security. Invest in creating courses to certify employees on a regular basis. Have a thorough and thoughtfully laid out Acceptable Use Policy that is signed by all employees and placed in their files. This will let them know what is acceptable, or not, with business technology. The more knowledgeable the human user, the less likely your firm will fall prey to cyberattacks.

2. Apply security technology in layers

No security technology can provide 100% protection. The goal is better aimed at making it so difficult to get through the layers of security that a hacker gives up. File encryption is top on the layering list because it helps ensure that data can only be viewed or used on authorized computers. If you must have a guest network, be sure to use encryption and a password, and change it regularly. Even better, use temporary passwords on request. Also, do not use open Wi-Fi networks when traveling – enforce VPN for all unauthorized network connections.

Speaking of passwords, yours may not be as strong as you think. For example, according to, this is how long it would take a computer to crack the following passwords:

  • The password ^64dfe!* would take a computer about 19 minutes to crack
  • true^tAlent would take a computer about 97 years to crack
  • mtrue^tAlent would take a computer about 6 thousand years to crack
  • I’Mtrue^tAlent would take a computer about 959 million years to crack

It’s always a good idea to use software tools for password management and other security management needs. Some good tools include Thycotic Secret Server and the CyberArc software suite.

3. Monitor activity and set traps

In addition to always having multiple layers of defense, you should also always be notified when someone tries to break those layers. There are obvious things to report, such as multiple unsuccessful login attempts. But there is also a whole other world of active security you can employ. For example, you could set traps by planting invalid admin-looking credentials in some spots on the network and then monitor to see if these credentials are used. As soon as you get an alert about it being used, you are immediately aware that something wrong is happening on the network. Employee Internet usage and the transfer of information through email and file sharing systems should also be monitored in order to reduce the risk of security breaches.

4. Backup more frequently

Having strong backup strategies, as well as business continuity and disaster recovery procedures, all help in minimizing the damage when a security breach does occur. It used to be normal to have daily backups. These days, when threats are constantly coming from every angle, 15-minute incremental backups have become the norm. Evaluate your recovery point objective (RPO) and recovery time objective (RTO) accordingly and review and test your backup and disaster recovery policies on a regular basis.

5. Have an action plan for remediating incidents

As we said, it’s not a question of IF, it’s a question of WHEN. When the worst happens, you must have a clearly laid out strategy of how to handle an incident. The action plan might be a very large document that goes through literally hundreds of steps OR it can be a less verbose collection of references to specific policies as they apply to different areas of business and also policies related to other events a business could be subjected to.

Make sure that the roles and responsibilities of all parties involved in remediating the incident are clearly defined. You should have incident response teams formed and organized, and those teams should be different, depending on the type of incident and other aspects, such as geographical jurisdiction. Postmortem should involve multiple levels of preparation and will likely trigger altering all documents, policies, and processes. Based on lessons learned, you will also most likely need to change things a bit to become even more proactive.

Seek professional assistance

By taking these steps, your firm will be better prepared to protect sensitive client data. If you need help building or assessing your firm’s cybersecurity policy, contact a security specialist. For example, Wilson Allen has an experienced team of legal IT professionals who can help you protect the valuable information that your clients trust you to maintain. Feel free to contact us to learn more.