The Legal Obligation To Protect Against Cyberattacks
Tracy Levine, CEO, SonKsuru, Patent Pending Quantum Smart™ Cybersecurity: Quantum Safe, Quantum Secure, Quantum Resistant, Quantum Proof.
The courts are building the roadmap for holding law firms legally and financially liable for not protecting private data. On September 2, 2022, a unanimous decision by the U.S. Federal Appeals Court means “class-action suits over data breaches no longer require proof of actual harm.”
The justices argued that the plaintiffs did not need proof of current harm from the breach to go forward with a class action lawsuit. In their opinion, allegations of future injury “suffice if the threatened injury is ‘certainly impending’ or there is a ‘substantial risk’ that the harm will occur.”
Law Firms Facing Exponential Cyberthreats
The scale of the impending cyberthreat is staggering. According to Cybersecurity Ventures, by 2025, it is predicted that the world will suffer a loss of $10.5 trillion yearly due to cybercrime. This estimate underscores the catastrophic implications of cybercrime, which has been identified as the greatest transfer of economic wealth in history.
The enormity of these numbers serves as a stark reminder of the pervasive nature of the threat and emphasizes the urgent need for law firms to take proactive steps to safeguard their assets and their clients’ assets from cyberattacks.
In our increasingly digital world, securing sensitive client information has become a paramount concern for individuals and organizations alike. For lawyers and law firms, this concern is especially pressing. With access to some of the most sensitive information that exists, lawyers are constantly at risk of being targeted by hackers who seek to exploit their data for personal gain. The consequences of a data breach can be severe, not only for the law firm itself but also for the clients whose information may be compromised.
Securing Your Law Firm’s Digital Office
The security of your digital office is arguably even more critical than that of your physical office, as the consequences of a cyberattack can be far-reaching and devastating. Whether your employees work from an office or home, they all go to your law firm’s digital office daily. It is now just as important to secure your law firm’s digital office as it is to secure your physical office.
The digital office is where your employees access critical information, communicate with clients and colleagues, conduct sensitive transactions and utilize digital tools. Just as you would take measures to secure your physical office, such as installing locks and security cameras, it is essential to implement security measures for your digital office.
Shrinking Your Law Firm’s Attack Vectors
Tackle identity sprawl.
According to Verizon’s 2022 Data Breach Investigations Report, people are responsible for 82% of data breaches. Phishing and social engineering to obtain passwords are favorite methods cybercriminals use to gain access to your law firm.
The strength of a vault is only as secure as the keys and processes that protect it. A highly fortified law firm with multiple locks and state-of-the-art security measures may provide a false sense of security if the keys that grant access fall into the wrong hands.
Law firms can quickly shrink their identity sprawl by implementing federated or SSO login integration with service providers such as Microsoft 365 or Google Workspace. This eliminates the need for employees to have multiple passwords and utilize password vaults. The law firm centrally controls the strength of the multifactor authentication and all password protocols for entry into its digital office, which includes entry into software vendors.
Adopt a zero-trust architecture strategy.
The federal government, through an executive order, is mandating a zero-trust architecture (ZTA) for all federal agencies by 2024 to secure national security and infrastructures. Law firms should consider adopting a ZTA as a best practice to better align with ABA Formal Opinion No. 483 on data breaches and ABA Rule 1.6 Confidentiality Requirements. The first rule of a zero-trust architecture is to assume you have been breached.
Today, most cyberattacks are carried out or sponsored by nation-states looking to cause destruction, harm and possibly civil unrest now and in the future. With the promise of quantum computers to break current encryption, “steal now, decrypt later” attacks are multiplying.
The attack vectors are shifting as cybercriminals look to grab more and more data through any exposed attack surface. According to the IBM Cost of a Data Breach 2022 Report, cybercriminals are increasingly targeting third-party vendors, including cloud vendors. As the attack vectors continue to expand, relying on a hunker-down and bunker-down strategy is unrealistic. Law firms need to assume that cybercriminals will get into their data.
With a ZTA, access to client information is only granted on a need-to-know basis, reducing the risk of unauthorized access. Additionally, a ZTA provides continuous monitoring and logging of all access to sensitive information, giving the firm visibility into who is accessing their clients’ data and when. This can help firms quickly detect and respond to any potential security breaches.
The time to act is now.
Law firms must take notice of the recent court decisions and understand the importance of protecting their clients’ private data. With the legal and financial liabilities for data breaches now becoming clearer, firms must take proactive steps to secure their systems and implement strong data protection measures.
By reducing identity sprawl and adopting a ZTA, regularly assessing and updating their security posture, and training employees on the importance of data security, law firms can reduce their risk of a data breach and protect their clients’ sensitive information. The legal industry’s future depends on the protection of client data, and law firms must rise to the challenge and take the necessary steps to secure their systems and protect their clients.