When news broke of the Panama law firm getting hacked earlier this month (“The Panama Papers”), my first thought was “I’m very glad we don’t insure them!”
My second thought was “I wonder how many of our insureds have clients that make them targets?”
It may be more than you think.
Dangers from Third Parties
Sometimes, as an attorney, you could be involved in a case that becomes higher profile than you imagined it would.
In another matter, you may represent an individual or corporation that doesn’t have the best reputation.
In either of these scenarios, a third-party crusader may decide that your client is evil. The crusader could attempt to break into your firm’s systems to access – and publish – your client’s sensitive information from your computers.
In a worst-case scenario, the third-party crusader may consider your law firm evil for doing your job and defending your client, resulting in sensitive information from all your cases being leaked.
Providing legal counsel suddenly makes you a public enemy who is targeted by social justice hackers due to your work.
Danger from Clients or Opposing Parties
North Carolina is home to many leading tech companies and tech startups. We also have several universities and colleges churning out tech savvy students each year.
This means that a disgruntled party in a case could feasibly do a lot of damage. Handling a divorce? Perhaps a disgruntled client or opposing party who has to pay alimony happens to be a top-notch computer programmer.
If this disgruntled party blames you for the results of a mediation or hearing, he or she could decide to retaliate using their skills.
A relatively simple case suddenly has major danger attached to it.
The Weakest Link
Your technical security is only as strong as the weakest link. Here are a few examples of problematic activities that endanger your firm:
Staff members who always click on any attachment they are sent. We’ve all been warned about the scams that pretend to be from one person but are really malicious emails sent from someone you know. The clicker could very easily provide access to your system for ransomware or unwittingly transfer funds from your trust account to the wrong party. Read this article by the State Bar regarding scams that target your trust account.
Staff members who create weak passwords. A weak password is easy to crack. The top passwords of 2015 were still “123456” and “password.” Many hackers run programs that try everyday words as possible passwords to gain access to your system – with the most common passwords being tried first. Here are some tips for creating a stronger password.
Staff members who don’t update their computers regularly. Many times, updates include security patches for known issues. If you or someone in your office isn’t installing updates regularly, a hacker could exploit that unpatched weakness and cause issues.
Staff members who access your network on personal devices. You have more control over what happens with your office equipment than you do over your staff’s personal devices. These dangers are somewhat greater for mobile devices when you consider that most people don’t read the list of permissions an app requests when they download it. That simple Mahjong game could be accessing your firm email.
How to Protect Your Clients and Your Firm
The best way to address these issues is through clear office policy.
Create protocols for opening email attachments. Sending a simple return message to acknowledge receipt of the documents serves as both good customer service and confirmation that the party actually sent the documents you received.
Develop password requirements that force users to create a stronger password. One of the easiest things to do is require that passwords have a certain number of characters and include three or more of the following: lowercase letter, uppercase letter, number, and symbol.
Set up automatic updates for your computers. If users don’t have to worry about periodically looking for updates – or having updates interfere with their work – it is easier to have them installed. Windows, and many software programs, can automatically install important updates.
Implement guidelines for accessing your network on personal devices. The ability to access firm email on a mobile device should include permissions for the firm to wipe the device remotely if it is lost or stolen.
Lawyers Mutual provides a sample Data Security Policy that covers these issues, and many others. Contact us if you have any questions about how to make your system as safe as possible.
About the Author
Samantha Cruff is the Marketing Communications Coordinator at Lawyers Mutual. Contact Samantha for information regarding our available risk management publications at 800.662.8843 or email@example.com.