GTMAccount = 'GTM-NWQF9Q'; dataLayer = [{ 'pageCategories': ["blog-topics/cyber-security-data-privacy","blog-topics/law-firm","blog-topics/legal-industry-education","blog-topics-v2/community/guest-writers","blog-topics-v2/cybersecurity-data-privacy","blog-topics-v2/law-firm","blog-topics-v2/legal-industry"], 'pageTags': [] }];

Your single source for new lessons on legal technology, e-discovery, compliance, and the people innovating behind the scenes.

Don't Wait: 5 Steps to Reduce Cyber Breach Risk

Dean Sapp - Braintrace

Editor's Note: Security is always top of mind for our team; it's a hallmark of how we operate as well as what we build. In the spirit of optimizing operations, here are some quick cybersecurity tips from Braintrace, a Relativity Developer Partner.

Effective cybersecurity is a complex, layered system of prevention, detection, and intervention aimed at anticipating bad acts, verifying authorized access, and reducing the risk of infiltration. It’s a never-ending battle to stay ahead of the bad guys, and it’s not easy.

However, there are five simple steps every law firm can take to reduce the risk of cyberbreaches. It is the very least you can do to protect your valuable data assets.

1. Harden your email systems.

Your email is a prime entryway for unauthorized access. A few simple steps can curtail many common paths in and reduce email vulnerability:

  • Turn on and configure DKIM, DMARC, and SPF for all firm email domains. These will all help verify the validity of emails by assuring their association with legitimate domains.
  • Turn on geolocation rules to trigger an alert for successful logins from outside the office for all email accounts.
  • Set up alerts when email account rules are changed to perform automatic actions. A red-flag example for this would be all emails being forwarded outside of your organization after the account has been compromised.
  • Use digital certificates and digitally sign and encrypt email. By digitally signing internal emails, and training on their use, business email compromise (BEC) fraud is far less likely. 

2. Use true, two-factor authentication.

Two-factor or two-step authentication (which checks for something you know and something you have) is vital for all systems that store, process, or transact highly sensitive client information. This is critical for any system that is accessible from the Internet, including:

  • Email
  • Document Management Systems (DMS)
  • Accounting systems
  • Litigation support systems
  • Domain and remote access (VPN)
  • Any other online system

3. Consider deploying next-generation endpoint software.

The applications your team runs on your network have the potential for unknown security holes or vulnerabilities that hackers can exploit. These “zero-day attacks” expose you to risk until the software developer learns of the vulnerability and then rushes to create a fix. Securing your endpoints with next-generation endpoint software that leverages artificial intelligence and machine learning can help stop zero-day attacks and save much time re-imaging computers and responding to incidents.

4. Protect your mobile phones.

Use an MDM (Mobile Device Management) system to secure, encrypt, and protect mobile phones and applications. Consider using Privoro Privacy Guards for attorneys who travel, especially to foreign countries. This is a more cost-effective business solution than using burner phones that have less practical use on the road. Remember: attorneys carry and access sensitive e-discovery data wherever they go, and it’s critical to ensure that data is secure from every angle.

Also, use reliable VPN software when on public Wifi. On an unsecured network, you could potentially be leaving yourself open for criminals to access any sensitive data stored on your device.

5. Act fast when problems occur.

Discovered vulnerabilities demand immediate action. Ensure that your IT department patches all of your public-facing IT systems as soon as possible when high-risk vulnerabilities are announced. Follow up with your internal systems as soon as reasonably possible. 

There are countless ways that bad guys can try to exploit your systems and access your data. While a complete, end-to-end, layered methodology and maturity model is the ideal way to control your risk, these five steps are a fast and easily accomplished first line of defense. Work closely with your IT team to ensure they’re in place to protect you.

What other steps help build your cybersecurity shield? Let us know in the comments.

Dean Sapp is CISO of Braintrace. He's a long-time security practitioner with 24 years of combined information security and IT experience—including 17 years working with AM 100 and 250 law firms.