Law firms are enticing targets for hackers, given the wealth of sensitive and confidential information with which they are entrusted. Moreover, hackers know that law firms have notoriously weak security. In fact, authors Daniel Garrie and Bill Spernow note that at least 80% of leading U.S. law firms have experienced a cybersecurity breach, and many others could be completely unaware that their data has been compromised. Notwithstanding this striking vulnerability, the majority of law firms remain woefully unprepared to prevent a cyberattack or manage the resulting fallout, including ethical violations, malpractice liability, tarnishing of the firm’s reputation, and the enormous costs of investigation and lost productivity.
Law Firm Cybersecurity—a brand new publication from the ABA—guides law firms of all sizes through the “Ten Commandments” of cybersecurity and surveys the types of cyberattacks that have plagued law firms. It is essential to understand that everyone is a potential target for hackers—accordingly, the authors stress ways to frustrate hacking attempts and avoid being low-hanging fruit. They explain in plain language the security controls provided by the various types of cryptography and encryption, as well as the information security management standards promulgated by the International Organization for Standardization. There is also discussion of the role of the Legal Services Information Sharing and Analysis Organization (LS-ISAO) in defending against cybersecurity threats, as it builds a knowledge base by encouraging communication about breaches, and it collaborates with law enforcement to thwart cyberattacks and develop stronger controls. Finally, the authors set forth a comprehensive cybersecurity framework to implement at your firm, and an analysis of how to best structure your firm with internal network controls and staffing to prevent cyberattacks.
Law Firm Cybersecurity is part of the Library’s Law Practice Management Collection.