The lockdowns and restrictions caused by the coronavirus pandemic transformed the way people work. This is especially true for legal professionals, as attorneys used to long hours in the office and courtroom were mandated to work from home. It was a considerable departure from business-as-usual and resulted in significant ramifications for the industry.
A unique sector
The legal industry is a notorious laggard when it comes to embracing technological advancements. And, for good reason too! Who would want to go digital after sparing no expense on all those leatherbound legal tomes that look so classy adorning the office bookshelf? Kidding aside, it’s true; in 2018, over 80% of Legal Departments claimed they were unprepared for digital transformation[1]. While late 2018 may seem like eons ago after spending the past year cooped up, it was well after most industries embraced the advantages of increased digitalization.
Then, the pandemic hit, and law firms scrambled to condense a decade’s worth of technological evolution into a few months. With nearly all organizations experiencing problems due to COVID-19, it is not surprising that the legal profession was especially susceptible. It’s easy to argue that this accelerated implementation is a good thing in the long run, but let’s look at some of the short-term growing pains.
Increased cyber attacks
Law firms are already high-priority targets for hackers due to their business’s inherently confidential and sensitive nature. The fact that firms had to switch to remote working basically overnight exacerbates this problem. Whereas traditional cybersecurity deals with setting up and maintaining perimeter defenses, what happens when there is no longer a definable perimeter?
Attorneys in the same practice are now spread out throughout their regions. Some may only use approved devices to do work, while others skirt guidelines and conduct business on their personal phones, tablets, laptops, or PCs. Some firms may not even have concrete policies in the first place! These significant discrepancies increase the attack surface for malicious agents. It’s unlikely that the IT department or third-party cybersecurity firm can monitor every single device each lawyer will be using. This unfortunate dynamic resulted in more instances of:
- Phishing. Scammers posing as legitimate colleagues or clients send emails or other forms of communication to trick victims into clicking malware-infested links and attachments. Phishing attempts rose across the board last year, with some analysts claiming an increase of 85% over pre-COVID levels[2].
- Ransomware. Once threat actors compromise a computer system, they often attempt to install ransomware. This type of malware encrypts as much data as it can find on the system, then the hacker group responsible for the attack demands a ransom to restore it. Incidents of ransomware rose significantly in 2020[3], with high-profile attacks such as the one against celebrity law firm Grubman Shire Meiselas and Sacks. In that case, hackers demanded a $42 million (!) ransom, which, when left unpaid, resulted in privileged client data leaked to the Dark Web[4].
Slower data breach detection
Due to many of the same variables mentioned above (lack of consistent monitoring, use of unapproved hardware, users spread across a wider geographic area), remote work increases the time it takes to detect data breaches. In an IBM survey, 76% of respondents agreed with that conclusion[5]. In the field of Law, where cybersecurity budgets are already stretched thin, this is a major issue. Slower detection times can mean more time for hackers to map out networks, leading to more inaccessible files, higher ransoms, and larger overall breaches that can irreparably damage a practice’s reputation.
Shifting job expectations
Attorneys (especially Junior or mid-level ones) typically have pretty rigid schedules and expectations. The pandemic has thrown this into flux. Lawyers with children are the most affected. If the parents are working from home, chances are the kids are distance learning too. This means that professionals who usually have a large window of the day’s time blocked off specifically for their career now have to share that time with parental duties.
Firms must meet these new requirements by allowing for schedule flexibility or even reduced workloads. Otherwise, an already-stressful occupation becomes unmanageable, leading to poor performance.
Disrupted development tracks
Younger attorneys gain experience and learn on-the-job. Working from home can stunt their professional growth and take away otherwise organically-appearing opportunities. This is because they lose the ability to attend events such as hearings, depositions, witness meetings, and more with their experienced colleagues.
It also prevents interactions with senior attorneys in the office or courthouse halls. This can adversely affect the chances of a helpful mentorship and important professional relationships. While digital correspondence and interaction are possible, many parts of an in-person exchange cannot be replicated on a Zoom call or email.
Ways to deal with these issues
In a time with reduced revenues, investing in large-scale cybersecurity projects is probably not a viable option. So, while hiring more IT professionals or a dedicated SOC-as-a-Service (Security Operations Center) company to shore up your networks is a great idea, it may not be possible. We recommend implementing other low-cost suggestions to protect your organization.
- Ongoing cybersecurity training. Most of the time, organizations can avoid data breaches by training employees on the basics of cybersecurity best practices. Consult with your IT team and construct an ongoing curriculum that informs your team how to spot phishing emails and what policies your firm has in place regarding data sharing, personal device usage, and more.
- Require strong passwords and 2-Factor Authentication (2FA). Prevent brute force attacks by requiring team members to set up strong, phrase-based passwords. Then, mandate 2FA for all logins to firm networks through unrecognized hardware. Unless you’re dealing with extremely sophisticated hackers, these two no-cost solutions offer excellent protection.
- Vet new software and cloud solutions. If your practice didn’t allow working from home previously, chances are you’ll need to invest in some cloud or enterprise solutions. Make sure you use trusted vendors with documented cybersecurity safeguards. Remember, your system is only as strong as the weakest link. A lesson that law firm Goodwin Procter recently learned when hackers breached their third-party file transfer vendor[6].
- Utilize data encryption. Encrypting your data is essential these days. Strong encryption means even if malicious agents could breach your system and access information, it wouldn’t be useful or even viewable unless they had the decryption key.
- Implement Access Controls. Everyone in your organization doesn’t need access to all the potential files on the network. While it might take some work to segment and decide individual permissions, doing so promotes resiliency. It means that if someone is able to hack a low-level employee, they don’t automatically gain access to highly confidential information.
- Have a mitigation plan. As of 2019, 25% of firms have experienced a data breach, and 36% report malware infections. Knowing this, a mitigation plan is crucial. All of the top-level decision-makers need to get together and agree on a roadmap for damage reduction. It could be the difference between an unfortunate blip or the complete loss of client trust.
- Remain flexible. As we’ve seen, cybersecurity is only a part of the work-from-home equation. Firms also need to ensure their lawyers are in a good mental state and in a position to provide high-performance to their clients. This may mean making some changes regarding work schedules and workloads. Allowing this flexibility can actually be a good thing for clients as well, as perhaps some of their schedules will line up better this way.
- Facilitate interactions. Don’t neglect the everyday interactions that make practicing law special, especially for your junior attorneys. Perhaps you could set up office hours with the senior team or have an open Zoom room for your organization where everyone has to check in daily to preserve basic socialization.
These trying times present new challenges every day. Your organization can weather the storm and come out better for it on the other side. Take the situation seriously and evolve intelligently, and you’ll be fine.
Protect your documents
Having a trusted data transfer solution is critical to protecting your firm’s and clients’ confidential information. As the situation with Goodwin Procter confirms, your organization needs a vendor committed to preventing hacks.
AXEL Go is a cloud file-sharing and storage solution that puts security and privacy first. It runs on a decentralized and distributed network that is resilient to breaches. All data transferred via AXEL Go is split into smaller pieces called ‘shards’ and spread across many secure servers. Your files can also be protected using AES 256-bit encryption, ensuring industry-leading data security for your most sensitive documents. If your firm needs a data transfer and storage solution, contact us today to discuss your needs and schedule a demo.
[1] Rob van der Meulen, “Gartner Says 81 Percent of Legal Departments Are Unprepared for Digitalization”, Gartner, Dec. 12, 2018, https://www.gartner.com/en/newsroom/press-releases/2018-12-12-gartner-says-81-percent-of-legal-departments-are-unprepared-for-digitalization
[2] Phil Muncaster, “Experts Detect 30,000% Increase in #COVID19 Threats”, Infosecurity Magazine, Apr. 27, 2020, https://www.infosecurity-magazine.com/news/experts-detect-30000-increase/
[3] “Mid-Year Threat Landscape Report 2020”, BitDefender, 2020, https://www.bitdefender.com/files/News/CaseStudies/study/366/Bitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf
[4] Akshaya Asokan, “Ransomware Gang Demands $42 Million From Celebrity Law Firm”, Bank Info Security, May 16, 2020, https://www.bankinfosecurity.com/ransomware-gang-demands-42-million-from-celebrity-law-firm-a-14292
[5] “Cost of a Data Breach 2020”, IBM Security, 2020, https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/
[6] Meghan Tribe, “Goodwin Procter Says It Was Hit by Data Breach of Vendor”, Bloomberg Law, Feb. 2, 2021, https://news.bloomberglaw.com/us-law-week/goodwin-procter-says-it-was-hit-by-data-breach-of-vendor