As the CEO of GlobalMac IT, I’ve come across more than a few creative, nasty and wicked hack examples that our clients and prospective clients have shared.
I can’t count how many times I’ve felt the pain of a managing partner when I read about their law practice suffering a cybersecurity nightmare due to their inexperience or lack of knowing what security measures to put in place to protect their firms.
But all lawyers should and can protect themselves and their law practice from data breaches that expose critical Personal Identifiable Information (PII) on the Dark Web by educating themselves and finding the right security solutions for their firm.
The trick is to separate facts from fiction and debunking common misconceptions.
These myths are the top misconceptions I have repeatedly heard from law practices that downplay a data breach threat.
Myth #1 – Too Small to Hack
“Our organization is too small for cybersecurity because hackers hunt for the big game, not us.”
I put this myth first and foremost because it’s the most common excuse I’ve heard when discussing security solutions.
In a 2019 survey of decision-makers at SMBs (small and Medium Businesses = YOU), 18 percent list cybersecurity as their lowest priority. That attitude is driven by a certain amount of complacency: 66 percent believe that a cyberattack is unlikely — even though 67 percent of SMBs were actually hit by a cyberattack in 2019.
Being small won’t save your law practice; in fact, hackers prefer solos and smaller firms because they’re less likely to have top-class security measures in place.
Myth #2 – Cybersecurity as Someone Else’s Problem, Not Yours
“Cybersecurity is IT’s job, not mine. We paid good money for the best tools three years ago.”
My initial focus is a firm’s current security plan when I consult with a client. I have to know where their head is at before I can suggest the best solutions for their firm that will provide them with peace of mind when thinking about the security and efficiency for their technology.
Designing, implementing, and optimizing cybersecurity is, indeed, IT’s wheelhouse, but there is a responsibility to clients to use the tools properly.
It’s a massive myth that protecting yourself from cybersecurity threats is a one and done investment. An optimized security plan must have a multi-layer approach and tools working on auto-pilot to protect you and your firm in addition to the basic security measures.
Myth #3 – Overconfidence in your Macs
“Macs don’t get viruses, so that’s good enough in the legal field.”
Correct, Macs don’t get viruses. Ten years ago, that was enough to protect you from the bulk of the threats. That is no longer the case.
Phishing attacks account for more than 80% of reported security incidents.
I’ll say it again, though I know it’s not popular:
Simply being on a Mac does not protect you from the majority of cyberthreats.
That’s the harsh reality of it all.
Myth #4 – Old Data on the Dark Web
“Yes, we’ve had credentials for sale on the Dark Web, but that was three years ago. It’s not a big deal today.”
Hackers don’t need fresh, newly stolen data to damage your firm’s reputation. Old data, such as log-in credentials and passwords, suffice as a means to gain a foothold and us it to gain access to more damaging information.
And are you aware there were more than 1.76 billion records leaked in January 2020 alone?
Monitoring the Dark Web is one of multiple crucial steps to have a proactive cybersecurity practice in place.
Now that you are aware of the myths, what can you do to protect yourself?
The new solution we are developing is based on 14 years of experience in being responsible for the security needs of our legal clients throughout North America. These range from solos, to small firms with a couple layers, all the way to firms with 20 lawyers.
This suite of solutions will provide comprehensive coverage in a turn-key solution.
Most solos and small firm lawyers lack both the time and expertise to research and put together a proper security strategy that will cover you from all angles.
If you’d like to find out more, send me an email and put SECURITY in the headline.