A VPN is one of the best ways to provide data and communication security, but the buck shouldn’t stop there. Attorneys working from home need to make sure they brush up on their firm’s latest cybersecurity practices.
It’s no secret that hackers follow the money, the most valuable targets are those with hefty cash assets or those with critical information that can lead to financial gain. Law offices are certainly no exception to this rule and are increasingly targeted by bad actors, but proper cybersecurity can stop them.
In 2016, prosecutors in the United States charged three traders with securities fraud. The trio was alleged to have made more than US$4 million tradings on intel stolen from two well-known law firms, according to the Financial Times. Perhaps the most memorable firm hack in recent history was the Panama Papers scandal; millions of confidential documents detailing offshore shell companies and financial dealings between numerous people and companies were exposed when Panamanian firm Mossack Fonseca was attacked.
Complicating matters is the fact that law firms are not always attuned to the risk of cybercrime. In 2012, a Mandiant Corp. study showed that 80 percent of the US’ 100 biggest firms were victims of a hack. And in 2015, a survey run by the American Bar Association suggested that one-quarter of all firms with 100 or more lawyers had been breach victims — most concerningly, just under half of all these firms had no response plan. Furthermore, security measures were found to be lacking with most firms relying on basic tools only. While firewalls, spam filters, and virus scanners are useful, these rudimentary tools aren’t enough to ensure data security.
Notable firms and larger practices aren’t the only targets, individual attorneys are also at risk. A large amount of confidential and sensitive client information lawyers retain makes them an attractive target to cybercriminals. Plus, hackers are well aware that smaller firms and individual lawyers don’t have large cybersecurity budgets or IT teams.
Now, with many lawyers in the US and around the world working from home as opposed to in an office setting, the risks have increased exponentially. Sasa Markota, an attorney specializing in IT and technology, noted “Clients trust that the information they provide to me is confidential and the only way to achieve this is through secure communication and secure storage. Now, due to the COVID-19 pandemic, I mostly work from home and rarely meet with clients in person, the security of communications is one of the main concerns.”
Attorneys have a duty of confidentiality to their clients, the onus is always on the attorney to keep communication secured. Failure to do so can result in privilege being negated, cases jeopardized, or a firm’s internal structure being put at risk.
One way attorneys can meet their cybersecurity responsibilities while working from home is to invest in proper encryption software. A Virtual Private Network (VPN) works as the name suggests by creating a private, secure connection keeping data and communications safe and secured. These tools use encryption to scramble data when it’s sent, making it unreadable to any virtual eavesdroppers. Furthermore, VPNs mask IP addresses so any online activity is difficult if not impossible to trace and track.
Lawyers may also find VPN software useful when they need to skirt any geo-blocked websites and for research reasons. Adjusting the VPN software’s connection point also adjusts a device’s virtual IP address, making it easier to get the right information faster. For example, if an attorney needs information specific to New York state but they are located in California, they can switch the VPN’s server to New York and received tailored information in search results.
A VPN is one of the best ways to provide data and communication security, but the buck shouldn’t stop there. Attorneys working from home need to make sure they brush up on their firm’s latest cybersecurity practices and recommendations and follow these carefully. Firms must ensure they provide this information to staff to mitigate the increased risks that come with a dispersed staff working on home networks and personal devices.