Research on cybersecurity in law departments and law firms indicates that both are, to a significant degree, being tasked by management and the C-suite with taking a lead in maintaining cybersecurity. However, both law departments and law firms continue to struggle with preparing for and reacting to cybersecurity risks (Goldberg 2014). The state of cybersecurity in law firms and departments has lagged behind in both preparation and response. The industry has, however, improved slightly, and law departments have to a significant extent been held answerable for cyber-attacks in the organization (Randall and Kroll 2016).
Cybersecurity challenges facing the legal industry
The main challenge faced by law firms is the insecure storage of the firm's own information as well as its clients' information. Law firms have experienced numerous breaches over many years because a single breach gives easy access to many targets at once. For this reason, clients force legal businesses to implement pessimistic security (Rhodes and Polley 2013). Under pessimistic security, information is not shared across the firm (as it is under optimistic security), and only the individuals working on a case have access to its information.
The employees of a legal business can be its main cybersecurity risk. Law organizations are prime targets for cybercriminals because of the valuable client data they hold. Approximately 40% of the firms that have been breached might not be aware of the breach, because some of the cybercriminals are employees of the firm, particularly IT experts. The main cybersecurity threats often originate with the organization's own workers: employees might unintentionally or even intentionally infect the firm's IT systems and so bring about problems such as breaches (Ezekiel 2012). As the 'Panama Papers' illustrate, 10 million files were leaked from the database of Mossack Fonseca, a large offshore legal firm.
Westby (2013) suggests that legal corporations usually make their lawyers easily accessible to potential clients by publishing the lawyers' and attorneys' email contact details on the company website. This poses a great challenge to legal practices: cybercriminals visit the websites, harvest lists of valid email addresses, and use them to target and threaten the attorneys and lawyers (Contreras, DeNardis, and Teplinsky 2012). This has proved to be one of the greatest challenges to the law firm industry.
Phishing is the greatest issue in the law industry. Lawyers are greatly affected by phishing because they usually handle very sensitive information, particularly clients' data. Cyber attackers use deceptive websites and emails to gather lawyers' personal information, such as credit card numbers and passwords, and in this way are able to steal the lawyers' sensitive information (Singer and Friedman 2014).
Nation-state attacks are among the greatest threats to the security of the law industry. This cybersecurity challenge to legal corporations results from the international footprint of the industry and the requirement to accumulate clients' sensitive information (Shields 2015). Cybercriminals have advanced greatly and become more aggressive and sophisticated, while law firm leaders, on the other hand, fail to handle the issue effectively. Recently, a hacker in Russia was apprehended for possessing confidential information.
Sobowale (2017) states that a legal firm is a place of shifting alliances and constant change. For this reason, law corporations experience major challenges in protecting clients' data from 'insider threats'. Everyone who leaves a particular law firm leaves with a lot of client data as well as data proprietary to the firm, and this can make it difficult for the company to detect breaches.
Cloud systems and third-party providers present further cybersecurity challenges. In 2018, the main cybersecurity challenge faced by legal practices is the internal mandate to retain sensitive documents in-house while still meeting clients' growing demands to access their data securely from any device (Simshaw 2014).
Obsolescence of technology is another challenge in the legal industry. One of the reasons computer networks and systems become insecure is outdated technology. Most legal firms have technology that lags behind and therefore cannot keep pace with the threats in the cybersecurity landscape, which puts both the firm and its clients at risk (Blaustein, McLellan, and Sherer 2016). The firms use very old computers that should be decommissioned, which makes it difficult or impossible to secure them properly.
Reduced standards of security for remote workers are another challenge in the legal industry. IT departments in the legal field have security protocols that are cumbersome to use in remote conditions (McNerney and Papadopoulos 2012). When lawyers work from home or dial in to the office through the VPN, the system is usually quite slow, and this renders the security controls unproductive.
Intrusion is a great threat experienced by legal corporations. Most of the information in the legal field is sensitive and therefore very vulnerable to interference. Most lawyers do not understand how susceptible their clients' data is, and this encourages the loss of vital information through intrusion (Hiller and Russell 2013).
The lack of security awareness programs in legal companies is a great challenge for the industry at large. Employees fail to understand how susceptible the information they hold is, and this has encouraged cybersecurity threats in the field (Shackelford, Russell, and Kuehn 2016). The IT systems of legal firms are usually easily accessible, and when they are upgraded, most users do not understand how to handle the change effectively.
Solutions to the challenges
To maintain the security of the firm's and clients' data, alternative means of storing the information need to be provided. The data should be stored effectively, data held with a third-party cloud provider should be managed effectively, and user access to the firm's databases should be limited. The transition gives legal firms up-to-date technology and also allows them to rely on the security protocols and experts of the third party (Moore, Dynes, and Chang 2015).
The problem of rogue employees can be dealt with by implementing cultural change strategies. Employees hold the company's essential information and can leak it intentionally or unintentionally. To minimize such occurrences, law firms need to move from the 'trusted advisor' mindset to the current reality that they are providers of third-party services and that the data they handle is very confidential (Karake-Shalhoub and Al Qasimi 2010). Firms should prioritize data security: the data should be protected by all means, and all employees should be effectively trained to avoid unexpected cybersecurity mistakes. Firms should provide employees with free and proactive cybersecurity training programs to enhance their skills and their awareness of how to maintain cybersecurity (McCrohan, Engel, and Harvey 2010).
Firms should maintain an up-to-date technology ecosystem to protect the firm's data and clients' data. They should embrace replacing old computers with new systems, which usually have built-in security features and are therefore inherently easier and safer to use than aged computers (Dupont 2013). Corporations need to follow appropriate decommissioning procedures when replacing older systems. Access to sensitive files should be secured through desktop virtualization, with TLS/SSL-protected applications and information made available across laptops, PCs, mobile phones and tablets (Sales 2012).
The legal field needs to understand the intensity of the information intrusion threat and therefore develop strong procedures and policies that ensure detection, prevention and mitigation of intrusions. Measures need to be put in place to prevent easy access to clients' sensitive information. The older method of storing hard-copy documents in lockers and locking them limits easy access to the data (Hughes 2014). Law practices should implement information storage policies that ensure documents are placed only in the firm's main storage systems. Firms should air-gap and partition sensitive information and apply practical cyber policy to mitigate data exposure (Lunn 2014).
The legal industry is one of the industries that hold the most sensitive information, and this attracts a high percentage of cyber-attacks. However, cybersecurity has not received great focus in this field, and this has exposed the industry to various cybersecurity threats (Orji 2012). For these reasons, various strategies need to be implemented to curb the growth of cybersecurity challenges in the legal industry.
References
Blaustein, S., McLellan, M.L. and Sherer, J.A., 2016. Digital Direction for the Analog Attorney-Data Protection, E-Discovery, and the Ethics of Technological Competence in Today's World of Tomorrow. Richmond Journal of Law & Technology, 22(4), p.10.
Contreras, J.L., DeNardis, L. and Teplinsky, M., 2012. Mapping today's cybersecurity landscape. Am. UL Rev., 62, p.1113.
Dupont, B., 2013. The proliferation of cyber security strategies and their implications for privacy. Circulation internationale de l’information et sécurité, Montréal, Les Éditions Thémis, pp.67-80.
Ezekiel, A.W., 2012. Hackers, spies, and stolen secrets: Protecting law firms from data theft. Harv. JL & Tech., 26, p.649.
Goldberg, C.A., 2014. Rebooting the Small Law Practice: A Call for Increased Cybersecurity in the Age of Hacks and Digital Attacks. Am. J. Trial Advoc., 38, p.519.
Goldstein, M., 2014. Law firms are pressed on security for data. New York Times.
Hiller, J.S. and Russell, R.S., 2013. The challenge and imperative of private sector cybersecurity: An international comparison. Computer Law & Security Review, 29(3), pp.236-245.
Hughes, S.J., 2014. Did the National Security Agency Destroy the Prospects for Confidentiality and Privilege When Lawyers Store Clients' Files in the Cloud-And What, If Anything, Can Lawyers and Law Firms Realistically Do in Response. N. Ky. L. Rev., 41, p.405.
Karake-Shalhoub, Z. and Al Qasimi, L., 2010. Cyber law and cyber security in developing and emerging economies. Edward Elgar Publishing.
Lunn, B., 2014. Strengthened director duties of care for cybersecurity oversight: Evolving expectations of existing legal doctrine. JL & Cyber Warfare, 4, p.109.
McCrohan, K.F., Engel, K. and Harvey, J.W., 2010. Influence of awareness and training on cyber security. Journal of Internet Commerce, 9(1), pp.23-41.
McNerney, M. and Papadopoulos, E., 2012. Hacker's Delight: Law Firm Risk and Liability in the Cyber Age. Am. UL Rev., 62, p.1243.
Moore, T., Dynes, S. and Chang, F.R., 2015. Identifying how firms manage cybersecurity investment. Southern Methodist University. Available at: https://blog.smu.edu/research/files/2015/10/SMU-IBM.pdf (Accessed 2015-12-14), 32.
Orji, U.J., 2012. Cybersecurity Law and Regulation (pp. 398-400). Wolf Legal Publishers.