Law firm cybersecurity best practices require securing sensitive data. Large firms are heavy users of document management systems (DMS) such as NetDocuments, iManage Work, Worldox, and ProLaw. Attackers target DMS’s with a variety of attacks, including ransomware, malware exploitations and data breaches. Properly securing DMS’s is critical and law firms need to implement comprehensive data protection strategies to make sure this happens. Data management is also subject to various regulations, such as HIPAA, GDPR, and standards related to a client’s particular industry.

Lawyers need to access client data on the move: while travelling, when visiting clients, and in the court room. The heavy use of remote data access presents an additional attack vector for threat actors. Firms need to implement strong end-point security policies and practices that include multi-factor authentication (MFA), strong passwords, anti-malware and anti-virus capabilities, role-based access controls, and leverage VPNs with strong encryption.

Offices of large international law firms are geographically dispersed, with branches worldwide, often including offices in high-risk countries.  Remote branches often need to store their sensitive data locally due to regulations prohibiting data from being stored outside of the country in which it was created. Securing remote branches is critical not only to secure local operations and data, but also to protect main offices from supply chain attacks.

Law firm cyber security best practices include implementing and enforcing comprehensive security policies and staff training across all main and remote offices. Firms should maintain a hardening guide and conduct regular security audits to validate that hardening guides are implemented. Security governance strategy, policies, and procedures need to be evaluated top-down, along with periodic testing to evaluate the effectiveness of each location’s security policy implementation.

Many law firms are migrating their IT systems to the cloud to achieve new levels of scalability and cost-efficiency. The shift from on-premise to the cloud introduces new cybersecurity challenges, including:

• Ambiguity regarding the shared responsibility model,
• the agile nature of cloud use,
• frequent misconfigurations, and the dissolution of perimeter security controls

Firms need to secure their cloud migrations by developing a cloud security framework pre-migration and assessing their security posture post-migration.

Law firms typically have relatively small cybersecurity teams. Managing the multiple security threats and addressing the cyber security priorities outlined above can be extremely challenging. Law firms need to consider adopting ‘force multipliers’ such as managed detection and response and incident response retainers.