SECURITY & PRIVACY BEST PRACTICES FOR ATTORNEY-CLIENT DATA

Learn More About How You Can Protect Your Practice

Cyberattacks against law firms are increasing in scope and frequency. Why have cybercriminals focused on law firms?

  • Law firms obtain and store extremely sensitive client data
  • Many law firms tend not to use the most sophisticated cybersecurity precautions
  • Hackers can use stolen client information to pressure the practice into meeting their demands, either directly or by contacting affected clients to put pressure on the firm.
  • Cybercriminals believe that law firms have money to pay ransoms, and reputations to lose if they don’t meet the demands.

All businesses are susceptible to hacks, data exfiltration, and ransomware attacks, but law firms are particularly at risk and arguably may have the most to lose. A recent poll, detailed in the ABA Techreport 2020, finds that law firms are lacking in traditional security best practices.

The poll revealed the following deficiencies. Only:

  • 43% of respondents use file encryption
  • 39% use email encryption
  • 26% use whole/full disk encryption
  • fewer than 50% use two-factor authentication
  • 39% use intrusion prevention 
  • 29% use intrusion detection 
  • 29% use remote device management and wiping 
  • 27% use web filtering 

Many firms also lack a Chief Information Security Officer (CISO), someone whose sole purpose is to protect the information security and data of the practice. Instead, many rely on existing IT staff who are focused on keeping the operation running and, in most cases, don’t have formal security training. Threats today are so sophisticated and pervasive that relying on regular IT staff to handle security is akin to an internist performing heart surgery.

Hiring JANUS as your practice security consultant is a wise business decision. We stand ready to assist you with your existing security program or to help you design and implement a new one.

We offer a full range of services including:

  • Virtual Chief Information Security Officer (vCISO) services, a practical and cost-effective way to bring expertise to bear without overwhelming expense.
  • Vulnerability and Risk Assessments to give you a clear picture of where you stand and what your strengths and weaknesses are.
  • Creating a Plan of Action and Milestones (POAM) to guide you through what needs to be done, and in what order, to accomplish your security goals and compliance requirements.
  • Penetration Testing that tells you where hackers can get in, what they can gain access to, and what you need to do to prevent that.
  • Policies and Procedures—the do’s and don’ts, and how to do it properly the first time and every time thereafter.
  • Security Architecture and Planning to make sure your existing infrastructure operates as efficiently and securely as possible.
  • Disaster Recovery and Business Continuity (DR/BC) planning and testing to confirm that you are ready for the worst case and that you can get back to protecting your clients as quickly as possible after a worst-case scenario.

Download: 'Security & Privacy Best Practices For Attorney-Client Data'