Always be prepared

According to Vincent Polley, there are two kinds of law firms: those that know they have been hacked and those that don’t know they’ve been hacked.

Polley is the president of Know Connect PLLC, an information technology and knowledge management consultancy, and co-author of the just-released book The ABA Cybersecurity Handbook. The purpose of the book he wrote with Jill Rhodes, vice president and chief information security officer for Trustmark Companies, is to help lawyers “know what they need to know” about identifying risks and taking the appropriate actions to protect their data. Awareness is the primary concern, he points out.

And if you think the biggest threat to your internal systems is from the outside, think again. Rhodes says it’s employees you have to worry about and not because they’re malicious but often simply because they are ignorant and “putting your information at risk unknowingly.” Speaking on a panel at the American Bar Association’s annual meeting in San Francisco last month, they couldn’t stress enough how important it is — for law firms and departments of every size and shape, including in-house and governments — to educate lawyers and staff on good cybersecurity practices. That includes everything from not working on confidential documents via the local coffee shop’s open Wi-Fi connection or on public transit to employees not locking down their computers when they leave their desks.

Hacking into law firm computer systems can not only compromise the information held by the firm but may also provide a gateway to access clients’ systems. As a result, law firms are prime targets for the bad guys so lawyers not only need to protect their digital assets but also be sure they have sufficient insurance to cover any cybersecurity breaches. “All law firms need to make an assessment of your cyber risks and make policies based on the presumption that you have insurance,” says insurance lawyer Wesley Sunu, who penned one of the chapters in the handbook. It’s free from your insurer to get an audit of your coverage, so just do it!

And as the last few months have shown, disasters can strike at any time be they floods or exploding railway cars. Not only do you need to be sure your firm’s insurance policy provides for the loss of physical and digital aspects of your office but your information should always be backed up so if there is a disaster, you can recover your client and other types of data and get back to work quickly.

As the Boy Scouts say: always be prepared. Or in this case: always back up.