COVID-19 and Cybersecurity for In-House Legal Departments

A sudden need for (more) cybersecurity

Suddenly, everyone was forced into work-from-home roles. This was a situation I was nine years familiar with, but for many of you, it was a new concept. It was certainly new to companies. And, it brought with it a host of unexpected issues.

One of them being cybersecurity: employees are outside of their firewalled offices. Many are working on personal devices. Some are even connecting to public networks while performing confidential and critical work for the business.

As I was reading the June issue of the Colorado Lawyer, produced by the Colorado Bar Association, one of the opening articles caught my eye: “Best Practices for Law Firms During a Pandemic” addressed security in remote working situations.  This made me think – how are the attorneys I work with affected, and can I help?

The National Law Review noted that ransomware was one of the three top cyberattacks affecting firms.  The article discusses investing in intelligent IT systems is one way to protect against such attacks.  Stating that one in four organizations in the US will be breached, it points out that lawyers will lose $4.62 million dollars for every breach.  Advising that you must anticipate data breaches, the article recommends that spending the money on intelligent IT is cheaper (and less of a headache) than dealing with breaches.

What is ransomware?  It’s defined as “a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid…[M]ore advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them…Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.”

So, how does this apply to in-house counsel?  Law.com published a set of points to guide them in addressing these new challenges in light of COVID-19. Even during normal periods, ransomware would be a worst-case scenario for in-house counsel, as you’re locked out of your data and blackmailed to pay for access.

Even after payment, there is no guarantee that the attackers will return access or that the data will be intact.  But, let’s say you pay and everything is restored, or you have your data backed up so you can refuse to pay.  Is all hunky-dory now?  Unfortunately, no.

Removing local devices from your processes

A best-in-class legal workflow automation solution (like our own TAP) automates high-volume, low-complexity tasks and removes the need to track different requests in spreadsheets or email.  Again, the safety of a secure cloud network applies, as you remove local servers and devices from the equation.

Additionally, in-house counsel will be insulated from malware or phishing that might come from an infected outside counsel email or phishing scam.  Utilizing these next-generation solutions means law firms send you secure invoices that do not touch your system, so there’s no infiltration via attachments or links.

Finally, in what’s probably music to your ears, using a proven provider like Mitratech means you’re transferring liability from your corporation to that vendor.  Should there be an attack, responsibility (and cost) are off your shoulders!

No more sitting ducks

Long story short, it seems that with all the crazy distractions in the current world, lawyers are sitting ducks. The cybercriminal sharks smell blood in the water. The safety and precautions you put in place to keep your environment secure at the office do not transfer to the homes of your in-house counsel and other staffers.