Dispelling Misperceptions About Preventing a Cyberattack
Law firms cannot prevent online theft through readily available software programs, and clinging to this idea leaves them vulnerable to breaches and revenue losses.
Cyberattacks can harm a firm’s reputation and lead to the inadvertent release of clients’ private data.
Those were the humbling takeaways of Wednesday’s webinar: Surviving the Worldwide Cyber Pandemic.
To counter those dire outcomes, firms need to take modern approaches by employing multifactor authentication, endpoint detection and response and storage encryption. They also need to have a skilled security team at their disposal.
Ronald Hedges, principal at Ronald Hedges in Hackensack N.J. and co-chair of the New York State Bar Association Committee on Technology and the Legal Profession, moderated the discussion with Tom Kirkham, founder and CEO of Iron Tech Security. The program was sponsored by the Committee on Technology and The Legal Profession and the Committee on Continuing Legal Education.
Kirkham said that that up to 60% of businesses go out of business within two years of an attack and that 95% of those attacks are triggered by a company’s staff. He added that 37% of the top malicious email attachments are .doc and .dot and that 54% of companies indicated that their in-house IT departments are not sophisticated enough to handle advanced cyberattacks.
Among the primary cyber threats are ransomware, phishing attempts and compromised email.
Companies that are under the common misperception that they are invulnerable to attack or that cybersecurity is strictly an IT issue are unlikely to make the heavy financial investment to protect themselves.
“The vast majority of attacks aren’t what you hear on CNN or see in The New York Times. They’re small to medium-sized businesses. The culprits don’t know who you are and they don’t even care who you are because they’re thinking in terms of conversion rates,” said Kirkham. “They may send out 100,000 emails to perhaps all New York attorneys and they’re looking at conversion rates. They’re saying: ‘if I get a 1% conversion rate that’s a thousand victims and if I collect an average ransom of $10,000 apiece, that’s a $10 million payday.’”
Kirkham said companies can easily become overwhelmed by the demands of cybersecurity protection, but the most vital step is being proactive about it and not falling in line with the 90% of the population that reuses passwords. He added that IT security should be outsourced because it’s more cost-effective and that protecting against cyberattacks is not a core competency of any law firm.
“You hear how everybody’s bombarded with all of these breaches, but what you can do as a manager is to not be hopeless about it. Make sure you’re leading a security first culture, that’s in your court. You know, security first. We’ve spent decades as a society trading security in the name of productivity and efficiency and that’s made the United States the most vulnerable nation on earth because we’re the most automated nation on earth,” said Kirkham.
Please go here to register and gain access to part one of the series.