ALA Feature: Comprehensive Threat Protection for Law Firms

The Anatomy of Comprehensive Cyber Threat Protection for Law Firms

by Heinan Landa / Founder & CEO / Optimal Networks, Inc.


You deposited the cashier’s check and released the funds from your client trust account immediately. According to their emails, your client was in quite a hurry, and was depending on you to move as quickly as possible.

A few days later, you receive notice from the bank: the cashier’s check was fraudulent, and the bank transfer would not go through.

Both your “client”—and all that money you wired to them—were long gone. The bank representative apologizes, but unfortunately there’s nothing they can do…

The email alert said that your account had been compromised. You needed to change your password immediately to prevent any further damage.

Not wasting a moment, you clicked the link in the email body.

Once the web browser launched, you knew something was wrong. Windows were popping up left and right. The web page definitely wasn’t your usual login screen. Something started downloading onto your machine.

Looking back at the email, you now notice the subtle typo in the sender’s email address…


Comprehensive Security Strategy: Moving Beyond Prevention

When it comes to cybersecurity, your attorneys and staff are your weakest link.

According to a recent report by Ironscales, 95% of all successful cyberattacks are the result of phishing scams like those above, which exploit human trust and error to gain access to valuable information, your systems, or your money.

For years there has been an acute focus on preventing cyberattacks via technical controls and policy. This is a critical facet of your overall security strategy, and many firms have made excellent forward progress in this arena.

But as you likely noticed, the most gaping vulnerability for your firm doesn’t have anything to do with exploiting your technology—these cybercriminals are exploiting your people, and with alarmingly high rates of success.

This demands a more comprehensive approach to security that builds on prevention and also pays close mind to detection, remediation, and recovery.

Let’s explore each of these further.


Prevention: Security Awareness Training

If human error remains the primary root of a successful cyberattack, it follows that educating your attorneys and staff on how to identify, avoid, and respond to security threats is your best bet when it comes to prevention.

We’ve found that the most effective security awareness training programs have three prongs:

  1. Annual security training to kick off the program, educate your staff about top threats, how to avoid them, and how to respond.
  2. Monthly security reminders to reinforce and build upon what you learned in the annual training.
  3. Periodic phishing simulation to provide real-life (but harmless) examples of phishing scams, and further educate those who fall for them

LogicForce reports that only 54% of law firms have a formal education program in place, despite the fact that they can reduce your risk of a breach by up to 70%. (And proper training is your only defense against fraudulent money transfers.)

If your firm doesn’t have a training program in place yet, work with your IT team to see how you can make it happen.

Detection: Advanced Endpoint Protection

Endpoint Protection detects malware by way of recognizing known “definitions,” or strings of code that have been identified as malicious. This is your standard Norton or Webroot antivirus software.

Advanced Endpoint protection detects a security incident by way of flagging behavior that it has learned—by way of Artificial Intelligence—to be “unusual” for a particular machine.

Beyond just detecting threats, many of these solutions will cross into the realm of remediation as well. Our solution, for example, will try to resolve security alerts on its own, and will escalate more severe alerts to actual humans at a 24/7 Security Operations Center (something a mere 24% of firms have implemented). It also packages in SentinelOne’s Ransomware Rollback feature that can stop a successful attack in its tracks, and roll your files and Operating System back to a safe state free of the malware.

These packages are stunning in their ability to pick up on even the most subtle signs of budding malicious activity, and contain the threat before damage can be done to your data (or your reputation). If you haven’t considered adding Advanced Endpoint Protection to your arsenal, we strongly recommend it.


Remediation: Backup and Disaster Recovery

If you don’t have an Advanced Endpoint Protection solution that can fully wipe your systems clean of and infection (and even if you do), backup is your best, well, backup!

If your systems are taken down by a cyberattack, a solid backup and disaster recovery solution will let you get back up and running in short order. Even if all your files become encrypted by ransomware, a tried-and-true method of side-stepping the ransom payment and quickly resuming your operations is to recover those files from your last successful backup.

Make sure you have a robust solution in place, and that your IT team regularly verifies that it’s working properly.

As an important note: If you give malware enough time to spread, it’s possible for them to compromise your backups as well. This is why it is critically important to disconnect any potentially infected devices from your firm network immediately.


Recovery: Cyber Liability Insurance

According to the Ponemon Institute, the average total cost of a breach is $3,860,000. The main cost centers are:

  • Detection and escalation (forensics, audits, reporting)
  • Notification (to the affected, to regulators)
  • Post-breach response (identity protection services, legal fees)
  • Lost business (downtime, lost customers, damaged reputation)

Cyber liability insurance helps to cover these costs so they aren’t all coming out-of-pocket.

While your IT team can help you determine your level of risk, we recommend starting the selection process with your firm’s insurance agent instead. We say this for two main reasons:

  1. Your existing coverage may already address some level of cyber liability (ours did).
  2. This is still a new market, and it isn’t easy to navigate if insurance isn’t your area of expertise.

Also know that approval for coverage is often contingent on your firm having the above security measures already in place.


Final Thought

We’ve said it before: It’s not a matter of if your firm will suffer a breach, but when. While we never intend to fear-monger, we’ve seen first-hand the toll that a successful attack can take on an otherwise thriving business. It’s devastating.

And besides avoiding these damaging consequences, most firms stand to benefit from comprehensive approach to security in another way. Consider this: Have any of your clients asked to perform an audit of your firm’s security posture? Would they be more or less likely to do business with you based on the results?

Could this be an opportunity to gain another meaningful advantage over your competitors?


As originally published in the ALA Capital Chapter September Capital Connection newsletter

More Insights