How Law Firms Can Guard Critical Information from Cyber Attacks

By Derek Brost

Legal firms, both large and small, must take into account how devastating a cyber attack can be on their ability to operate. The rapid growth of technology has led to an increase in cloud-based solutions that offer many beneficial perks, but unfortunately has created a stronger potential threat. McAfee Labs’ details that threat in a recent report which states that over 353 million infected files [Note: link opens a PDF] found their way onto networks in Q4 2015. Additionally, daily attempts to get individuals to navigate to a compromising URL reached 157 million in the same quarter. The scariest part being that these requests often occur unknowingly to the user of the computer.

Cybercriminals have made a living targeting industries which are reliant upon information that needs to be readily available and is strictly confidential. This trend puts law firms at high risk due to the nature of their work, and the recent movement of data to cloud-based case management, record searching, research, and platforms for communication. Legal firms, no matter the size, must see the importance of protecting the sensitive case information of their clients, especially for ongoing cases, against those who wish to threaten their cybersecurity.


Law Firms’ Response to Cyber Attacks

Many notable cyber attacks have occurred on major law firms within the last year, not to mention the high profile Panama Papers leak from Mossack Fonseca. Critical information being targeted by hackers includes: trade secrets of their clients, corporate data and confidential deal-specific information, as well as ongoing case files and their transactions.

Cyber criminals know that their best chance for success comes from targeting organizations they believe to have inadequate detection or prevention solutions, recent data backups, or sufficient disaster recovery protocols set up. In other words, attackers are essentially performing their own risk assessment of how difficult a system would be to infiltrate and extract an organization’s valuable data. Individual practitioners and smaller firms are increasingly at risk, as cyber criminals are aware of their potential lack of IT professionals who could put up a defense against their attacks. Smaller firms may find that their only solution is to pay intruders in the case of a ransomware attack because of this. This solution, however, is only fueling additional growth in cybercrime.


How Can Responses Improve?

Sophisticated, malicious software utilized by cyber criminals makes it nearly impossible for there to be one perfect defense against attackers. With that being said, the implementation of business continuity (BC) and disaster recovery (DR) plans can provide law firms with peace of mind that they will have continuous protection of their important data from cyber attacks. Many firms aren’t even aware of the myriad options available to protect their data. Firms can find great value in the investment of a third party vendor who can provide backups and replication to ensure business continuity, even in the event of an attack.

Backups: A backup solution ensures that copies of important files are periodically made in an effort to combat a cyber attack. An effective backup solution should store copied data in a separate, offline, physical location to protect the data during an online attack. A drawback to this solution is that it may require an increased amount of time to regain access to information, as the copies will have to be retrieved in the event of an infiltration. It is important to note that, with this method, there is the possibility of some incremental data loss because it is not likely that backups will be performed frequently enough to protect all recent changes.

Replication: This process sends your crucial data to an offsite location after it has been replicated, and can be performed in real-time or in timed increments. This option is more effective than a backup solution for law firms looking to quickly recover data after an attack. Accessing your data more quickly is possible because it is stored in a readily-accessible cloud location. It is important to note that this process can be rendered ineffective if the attack is not caught quickly and replication is immediately stopped. This can lead to corrupted data being sent to your offsite location, damaging your data there as well.


Full Protection is Key

The legal industry is very complex, which makes it difficult to implement a one-size-fits-all approach to disaster recovery. A mixed approach, utilizing both backup and replication-based disaster recovery solutions, is often the best way to protect a law firm. This mix provides both physical locations for copies, as well as more recent cloud copies that offer faster recovery times. Implementing both types of recovery solutions can help to negate each approaches independent residual risks. Disaster Recovery-as-a-Service (DRaaS) providers can offer firms customized solutions that are tailored to their individual needs and offer multiple levels of data recovery. The urgency of legal work should make the value of effective disaster recovery solutions quite apparent.

It is the responsibility of legal data stewards to perform due diligence in planning, budgeting, executing, testing, as well as verifying backup and recovery services in an effort to defend cybersecurity threats. A well-planned disaster recovery (DR) plan helps small practices and individual practitioners protect their valuable data from cyber criminals.

As they say, perhaps even more so for legal work — time is money.

About Derek Brost

Derek Brost, Director of Engineering at Bluelock, is a certified Information Systems Security Professional (CISSP) with a 20 year background in IS/IT operations, architecture, and information security.

More About Derek