By Aaron H. Wallace, Esq.
Lawyers looking for guidance on cyber security will find no shortage of information online. The problem is that it’s all just so complex! Unfortunately, there’s no way to un-complicate technology. But it is possible to start with the basics, learn the ropes, and expand your preparedness from there.
Cyber crime is a fact of life these days, and law firms are regrettably among the top targets. Cyber security experts advise lawyers that a virtual attack on their practice is a “not if but when” proposition. Given that reality, it behooves each of us to ensure our systems are as well-defended as possible — and that we are prepared in the event of a data breach that evades even our best defenses.
Remember: a cyber attack on your law firm can lead to all kinds of undesirable consequences, from clients bringing claims against you to data loss, lost productivity and missed deadlines due to system shutdown, costly recovery expenses, reputational damage, embarrassing public disclosures, diverted funds, disciplinary actions, and more.
Below, we provide a series of first-step checklists to help you get started on the path to robust cyber security — a path you want to travel as urgently as possible!
Secure Your Systems
Your network is the thing that cyber thieves want access to, so it makes sense to double-down on securing it. Your network consists of the devices you use (computers, mobile devices, etc.), your server, backup disks, online accounts, cloud storage, internet connection, etc. You’ll want to secure each component of your network to the greatest extent possible.
- Set up a VPN for your home and office networks
- Use multi-factor authentication
- Create strong, unique passwords for each login (never repeat the same password)
- Engage in responsible usage of passwords — including regular password changes — and encourage the same from everyone in your organization
- Password-protect all of your Wi-Fi connections
- Set up automatic software and firmware updates, but don’t rely on them — still routinely check to make sure your systems are always up to date
- Work with an IT professional to set up appropriate firewalls to monitor and limit traffic in/out of your network
- Secure physical access to your systems too (e.g. monitored alarm and camera systems on your office and home)
Assess Your Systems
- Contact a local cyber security expert to conduct a cyber security risk assessment to examine your IT systems and determine their ability to defend against likely attacks
- Ask your cyber security vendor about conducting a penetration test
- If you do not have in-house IT in your firm, consider contracting with an IT service provider who can help you understand your systems and keep them in good shape
Know Your Duties
- Read these articles from The Florida Bar: Attorneys Must Protect Their Clients’ Sensitive Data by Jack Harkness | Lawyers Need a Back Up Plan for Their Backup Plan by Jim Ash | Cybersecurity 101 for Florida Law Firms by LegalFuel
- Consult the Florida Bar Rules of Professional Conduct
- Stay apprised of newly published ethics opinions pertaining to cyber security and evolving technological standards
- Stay educated by following the news (including legal news pertaining to cyber attacks in Florida and beyond), signing up for Florida Lawyers Mutual’s online newsletter at the bottom of this webpage, following Florida Lawyers Mutual on social media (links at the top of our website), and regularly viewing CLE on cyber security and ethics for Florida lawyers
- When in doubt, err on the side of caution
- Remember that The Florida Bar ethics hotline is available as a resource
Plan for a Breach
- Work with a cyber security expert to prepare an actionable, up-to-date Incident Response Plan to govern your firm’s response to a breach, intrusion, or other incident in the future
- Make sure you have adequate cyber liability insurance in place. Lawyers’ Errors & Omissions policies generally do not provide coverage for cyber liability insurance. However, Florida Lawyers Mutual automatically attaches a Tokio Marine HCC cyber liability endorsement (subject to terms and limits) to every E&O policy, with options available for increased limits for qualifying applicants.
- Florida Lawyers Mutual members can also call the exclusive, cost-free Cyber Risk Management Hotline to speak with a cyber security expert for general guidance to assist in their risk management planning
Become Your Own Expert
- Look for CLE courses that cover current best practices in cyber security for law firms in Florida
- Read through the materials in our Cyber Security Resource Center
- Follow the news and sign up for cyber security newsletters
- Learn the basics by reading through our Cyber Security Glossary
Train & Educate Your Staff
- Distribute this printable Wire Transfer Fraud Prevention flyer to each member of your law practice and instruct them to keep it posted near their computer devices, keeping cyber security top of mind
- Require employees to follow sound password practices
- Tell your team about social engineering and how to avoid it
- Impress upon your staff just how real, present, and severe the risk of cyber security is. Make sure they understand that Florida law firms — including paralegals, receptionists, legal assistants, law firm administrators, etc. — are actively targeted every day.
- Consider instituting a cyber training & testing regiment for your organization
- Remember that human error is the top cause of cyber security failure, and law firm support staff are often the “back door” by which cyber criminals intrude
- Florida Lawyers Mutual members: you can access a library of law firm staff training resources specific to cyber security by logging into your member-exclusive portal and accessing the CyberNet Library
Adopt a New Mindset (and New Habits!)
- Regard every incoming email with a healthy skepticism
- Commit to remaining vigilant against the constant threat of cyber crime — it’s not going away!
- Cultivate a culture of precaution throughout your organization
- Determine that you will break bad habits and embrace good cyber hygiene practices to stay one step ahead of bad actors!
About Florida Lawyers Mutual
Created by The Florida Bar so that Florida lawyers would have a high-quality source for professional liability insurance, Florida Lawyers Mutual is the state’s only direct-write lawyers’ professional liability insurer and the only one created by The Florida Bar. A-rated by AM Best for Excellent Financial Strength and owned by its member lawyers, Florida Lawyers Mutual offers high-quality policy features (including an automatic cyber liability endorsement on every policy at no additional premium cost — with increased limits options available to qualifying applicant), valuable membership benefits, and legendary member service. The Company recently declared an historic member dividend and launched an extensive library with 33+ hours of cost-free CLE for its member lawyers.* Learn more or apply for coverage at www.flmic.com.
*Dividends are paid at the sole discretion of the Company’s Board of Directors. This year’s dividend does not guarantee the payment or amount of future dividends.
Get a Quick Premium Indication with no obligation: