The need for cyber security in law firms

An interesting article came through our feed today mentioning the need for cyber security in law firms.  As an information security company that works with law firms, we couldn’t agree more.  The article makes a number of points, but leaves a couple of critical things out, and we’d like to cover those here.  It’s worth noting that the advice here applies to practically any organization (not just law firms).

The article suggests the following five items for all law firms to increase their security:

  1. Use password managers
  2. Update computer software
  3. Use encryption software
  4. Use encryption software
  5. Use multi-factor authentication (MFA/2FA)

Risk landscape for law firms

At Rendition Infosec, we don’t fundamentally argue with any of these. We do, however, think that this list falls well short of information security best practice for most law firms.  The reality is that lawyers handle sensitive data every day, and that makes them a target for attackers.  Sensitive data might include clients’ mergers and acquisitions information; if that data is compromised, the economic impact on both the law firm and the client can be severe.

Attackers may also target law firms for more than just the data they hold.  Users at even the most security-conscious organizations expect email from their external counsel, so a compromised law firm mailbox is a convincing launch point for phishing into a client’s network. Attackers target law firms as an easier way into other networks, and law firms should think of this as extending their cyber risk to their clients.

Need for network security monitoring

There is little doubt that law firms (and those working for law firms) are being actively targeted by attackers. However, few have active network security monitoring, particularly small firms with only a few partners.  At smaller firms especially, it is almost a foregone conclusion that attackers will eventually find their way into the network: the attacker can try as many times as needed, while the victim only has to be unlucky once.

Assuming an attacker gets into the network, how long will they be there?  Indefinitely, unless they are detected, and this is where network security monitoring comes into play.  Without network security monitoring, organizations rely on antivirus signature updates to catch the attacker’s malware.  For reasons we’ll cover in a later blog post, that is a losing battle: advanced attackers are almost never caught by antivirus signatures, and even when they are, they rarely have only one access method into a given network.  The bottom line is that antivirus alone won’t remove an attacker from the network.
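As an added example (not Rendition’s code, and not from the article being discussed), here is the kind of behavioural check that network security monitoring performs and antivirus cannot: implanted malware that survives on a machine typically checks in with its operator on a fixed schedule, and that regularity shows up in outbound proxy logs whether or not any signature exists for the malware. The log format (timestamp, internal IP, destination host, bytes) and all of the sample lines, hostnames and addresses below are constructed for this example.

```python
"""Added example (not Rendition's code): flag periodic outbound 'beaconing'
in proxy logs. The log format and every sample line are constructed."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: "<iso timestamp> <internal ip> <destination host> <bytes>"
SAMPLE_LOG = """\
2024-03-04T09:00:00 10.1.2.15 update.example-cdn.net 512
2024-03-04T09:00:07 10.1.2.15 mail.example-firm.com 40321
2024-03-04T09:03:44 10.1.2.22 news.example-site.org 88012
2024-03-04T09:05:00 10.1.2.15 update.example-cdn.net 519
2024-03-04T09:07:12 10.1.2.15 docs.example-firm.com 120044
2024-03-04T09:10:01 10.1.2.15 update.example-cdn.net 510
2024-03-04T09:15:00 10.1.2.15 update.example-cdn.net 515
2024-03-04T09:20:00 10.1.2.15 update.example-cdn.net 508
2024-03-04T09:25:01 10.1.2.15 update.example-cdn.net 512
2024-03-04T09:41:10 10.1.2.22 news.example-site.org 90120
2024-03-04T10:15:02 10.1.2.22 docs.example-firm.com 2100
"""


def parse_log(text):
    """Group (timestamp, bytes) pairs by (source ip, destination host)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        flows[(src, dst)].append((datetime.fromisoformat(ts), int(size)))
    return flows


def beacon_score(events):
    """Coefficient of variation (stdev / mean) of the inter-request interval
    and of the request size. Both near zero means 'same size, same gap,
    every time': the timing fingerprint of a command-and-control check-in.
    Returns None when there is not enough data to score."""
    if len(events) < 2:
        return None
    times = sorted(t for t, _ in events)
    intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    sizes = [s for _, s in events]
    mean_int, mean_size = statistics.mean(intervals), statistics.mean(sizes)
    if mean_int == 0 or mean_size == 0:
        return None
    return (statistics.pstdev(intervals) / mean_int,
            statistics.pstdev(sizes) / mean_size)


def find_beacons(text, min_events=5, max_cv_interval=0.1, max_cv_size=0.1):
    """Return [(src, dst, count, cv_interval, internal hosts talking to dst)].
    A destination that only one internal machine ever contacts, on a fixed
    cadence, is the case worth an analyst's attention first."""
    flows = parse_log(text)
    sources_per_dst = defaultdict(set)
    for src, dst in flows:
        sources_per_dst[dst].add(src)
    hits = []
    for (src, dst), events in flows.items():
        if len(events) < min_events:
            continue
        score = beacon_score(events)
        if score and score[0] <= max_cv_interval and score[1] <= max_cv_size:
            hits.append((src, dst, len(events), round(score[0], 4),
                         len(sources_per_dst[dst])))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

On the constructed log, the five-minute, ~512-byte check-ins from 10.1.2.15 are the only flow that scores as a beacon; the bursty, variably sized browsing and document traffic does not. Real deployments tune the thresholds and minimum event count per environment, and add jitter-tolerant scoring, because many implants randomize their sleep interval by a few percent.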

If you are a client selecting a law firm, ask whether they have network security monitoring. If not, consider taking your business elsewhere.  Why take steps to protect your data on your own network only to have it stolen from external counsel? There are plenty of law firms that implement good security monitoring; there’s no reason to risk your data with one that doesn’t.

Need for third party application testing

Law firms often use third party applications, many of which have not undergone extensive security testing. Don’t assume that a product uses encryption or authenticates sessions appropriately just because it is marketed to law firms.  At Rendition, we’ve seen several that shouldn’t be considered fit to process any sensitive data, let alone the highly sensitive data handled by legal firms.  A third party application security test can find these issues before your clients’ data is put at risk.
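As an added example (not Rendition’s code or any vendor’s), here are a few of the offline checks an application security test runs against a login response to answer exactly the two questions above: is the session protected in transit, and are session identifiers actually unguessable? The `Set-Cookie` headers, cookie names and session tokens below are constructed for this example, and the thresholds (16-character minimum length, 1000-step counter test) are illustrative choices, not a standard.

```python
"""Added example (not Rendition's code): offline checks a third-party
application security test would run on a login response. The headers
and tokens below are constructed for this example."""
import math
from collections import Counter


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header, over_tls):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if not over_tls:
        findings.append("session cookie issued over plaintext HTTP")
    if "secure" not in attrs:
        findings.append("missing Secure flag (cookie can leak over HTTP)")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly flag (readable by injected script)")
    if "samesite" not in attrs:
        findings.append("missing SameSite attribute (CSRF exposure)")
    if len(value) < 16:  # illustrative threshold
        findings.append("session id shorter than 16 characters")
    return name, findings


def entropy_bits_per_char(tokens):
    """Shannon entropy of the character distribution across a token sample.
    Low values mean the ids draw from a small alphabet or repeat heavily."""
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def looks_like_counter(tokens, max_step=1000):
    """True when every token is a decimal number and consecutive sorted
    tokens differ by at most max_step: an attacker can guess the next one."""
    if not all(t.isdigit() for t in tokens):
        return False
    nums = sorted(int(t) for t in tokens)
    return all(0 < b - a <= max_step for a, b in zip(nums, nums[1:]))


# Constructed sample: three logins against a weak app and a better one.
WEAK_TOKENS = ["100234", "100235", "100237"]
WEAK_HEADER = "JSESSIONID=100235; Path=/"
STRONG_TOKENS = ["9f2c4e7a1b3d5f8e0c6a2b4d7e9f1a3c",
                 "3b7d1f9e5a2c8d4f6e0b1a9c3d5e7f2b",
                 "c4a8e2f6b0d3a7c1e5f9b3d7a1c5e9f4"]
STRONG_HEADER = ("session=3b7d1f9e5a2c8d4f6e0b1a9c3d5e7f2b; Path=/; "
                 "Secure; HttpOnly; SameSite=Lax")


def assess(header, tokens, over_tls):
    """Combine the per-cookie audit with the token-sample checks."""
    name, findings = audit_session_cookie(header, over_tls)
    if looks_like_counter(tokens):
        findings.append("session ids are sequential")
    return {"cookie": name, "findings": findings,
            "entropy_bits_per_char": round(entropy_bits_per_char(tokens), 2)}


if __name__ == "__main__":
    print(assess(WEAK_HEADER, WEAK_TOKENS, over_tls=False))
    print(assess(STRONG_HEADER, STRONG_TOKENS, over_tls=True))
```

The weak application in the sample fails every check: the cookie is set without TLS or any protective attribute, and the session ids are a short counter that any other user can increment to hijack a colleague’s session. A real test collects many more tokens before drawing conclusions about randomness, and checks the server side too (does it invalidate the id on logout, rotate it on login, and bind it to the authenticated user).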

Closing thoughts

Whether you outsource your monitoring to professionals like Rendition or do it in-house, know that you are a target. Network security monitoring costs less than you might think.  For very small firms, Rendition can give you the peace of mind that comes with network security monitoring starting at around $5,000 per year (the price goes up for larger firms as more devices are monitored; contact Rendition for more information).  In the unfortunate event that you are compromised, Rendition can provide real time incident response support to contain the intrusion, investigate the root cause, and understand the damage.