COVID-19 and Cybersecurity for In-House Legal Departments
Like many attorneys, my passion for the law began at a young age. In a story my parents like to recount, I asked for something (I forget what), they promised, and I put it in writing and made them sign it (clearly my parents weren’t trustworthy in my young eyes – ha!).
Fast forward many years later and I entered the large law firm litigation world bright-eyed and bushy-tailed. A few years after that, I found myself in the same position many women do – loving my career, but wanting to start a family. As a solution, I fell into legal technology. I was able to use my degree and training to hold critical discussions with my peers, but I was able to work from home and be the kind of mom I’d dreamed of being.
Several years after my career change, I find myself at Mitratech, the company that pioneered legal technology for in-house counsel. I was happily learning my new role when 2020 rolled around…and we all know how that changed life for all of us.
A sudden need for (more) cybersecurity
Suddenly, everyone was forced into work-from-home roles. This was a situation I was nine years familiar with, but for many of you, it was a new concept. It was certainly new to companies. And, it brought with it a host of unexpected issues.
One of them being cybersecurity: employees are outside of their firewalled offices. Many are working on personal devices. Some are even connecting to public networks while performing confidential and critical work for the business.
As I was reading the June issue of the Colorado Lawyer, produced by the Colorado Bar Association, one of the opening articles caught my eye: “Best Practices for Law Firms During a Pandemic” addressed security in remote working situations. This made me think – how are the attorneys I work with affected, and can I help?
The National Law Review noted that ransomware was one of the three top cyberattacks affecting firms. The article discusses investing in intelligent IT systems is one way to protect against such attacks. Stating that one in four organizations in the US will be breached, it points out that lawyers will lose $4.62 million dollars for every breach. Advising that you must anticipate data breaches, the article recommends that spending the money on intelligent IT is cheaper (and less of a headache) than dealing with breaches.
What is ransomware? It’s defined as “a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid…[M]ore advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them…Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.”
So, how does this apply to in-house counsel? Law.com published a set of points to guide them in addressing these new challenges in light of COVID-19. Even during normal periods, ransomware would be a worst-case scenario for in-house counsel, as you’re locked out of your data and blackmailed to pay for access.
Even after payment, there is no guarantee that the attackers will return access or that the data will be intact. But, let’s say you pay and everything is restored, or you have your data backed up so you can refuse to pay. Is all hunky-dory now? Unfortunately, no.
Defending against “nuclear ransomware”
According to Bruce Sussman, criminal hackers are evolving and creating ‘nuclear ransomware’; these cybercriminals are now in it to steal your data and expose your secrets. They go after information like billing, customers, and employee information (including retirement accounts, social security numbers, and if your employees use their work devices for personal reasons, all of their personal account information). The result? You’re paying more to keep your confidential information safe.
What can in-house counsel do to protect themselves? Users must look for platforms and solutions that are built from the ground up to deliver a high degree of cybersecurity, like Mitratech’s TeamConnect. Ransomware cannot affect the lawyers and staff using such a platform, even if they are using an MS Office Suite plugin.
Why? In TeamConnect’s case, it’s because Mitratech hosts the cloud data, so documents are not stored locally where they’re more vulnerable. Companies can access their unaffected data anytime, anywhere. Your secrets stay safe.
Removing local devices from your processes
A best-in-class legal workflow automation solution (like our own TAP) automates high-volume, low-complexity tasks and removes the need to track different requests in spreadsheets or email. Again, the safety of a secure cloud network applies, as you remove local servers and devices from the equation.
Additionally, in-house counsel will be insulated from malware or phishing that might come from an infected outside counsel email or phishing scam. Utilizing these next-generation solutions means law firms send you secure invoices that do not touch your system, so there’s no infiltration via attachments or links.
Finally, in what’s probably music to your ears, using a proven provider like Mitratech means you’re transferring liability from your corporation to that vendor. Should there be an attack, responsibility (and cost) are off your shoulders!
No more sitting ducks
Long story short, it seems that with all the crazy distractions in the current world, lawyers are sitting ducks. The cybercriminal sharks smell blood in the water. The safety and precautions you put in place to keep your environment secure at the office do not transfer to the homes of your in-house counsel and other staffers.
The answer, then? Invest in cloud-based solutions, especially those that meet rigorous industry security standards and can show you a track record of success in defending data. It’s worth it to have one less worry on your plate with everything else that’s going on!
[bctt tweet=”Lawyers will lose $4.62 million dollars for every data privacy breach.” via=”no”]