Law firms are a top target of cyber criminals because of the sensitive client information they handle every day. Hackers are attracted to the valuable information entrusted to firms by their clients such as intellectual property, business strategies, and sensitive financial information related to transactions and mergers.
Communication technologies are often the focus of these attacks because they present soft targets for hackers. And in many organizations, mobile messaging is the weak link, especially when employees use third-party messaging apps to share information with internal and external stakeholders. Cyber threats against client data aren’t new. But what is new is the urgency of the situation. For firms that don’t act quickly to protect sensitive client information through enterprise-grade mobile messaging, a serious data breach will occur in only a matter of time.
Data breaches are costly and a very real threat to law firms
According to IBM’s Cost of a Data Breach 2020 report, the average cost of a data breach in the United States is $8.64 million. Another estimate indicates that a “typical data breach” can cost law firms $300,000 to $500,000 in out-of-pocket expenses. While these financial impacts are significant, they don’t factor in the impact of the serious reputational harm that results from a data breach on law firms.
Additionally, data breaches are a very real cybersecurity threat to law firms regardless of firm size. Consider that, according to the University of Maryland, hackers attack every 39 seconds, on average 2,244 times a day.
The American Bar Association noted in Formal Opinion 483: “Data breaches and cyber threats involving or targeting lawyers and law firms are a major professional responsibility and liability threat facing the legal profession. As custodians of highly sensitive information, law firms are inviting targets for hackers… Indeed, the data security threat is so high that law enforcement officials regularly divide business entities into two categories: those that have been hacked and those that will be.”
Law firms are an attractive target for hackers
Legal and advisory firms of all sizes have been the victim of cyber criminals. The American Bar Association’s 2019 Legal Tech Report revealed that 26% of law firms experienced a security breach of some kind. The report also noted that mid-size firms are the most vulnerable, finding that 42% of responding firms with 10-49 attorneys suffered a security breach.
Many law firms mistakenly believe they are insulated from sophisticated cyberattacks. But according to data from cyber security firm BlueVoyant, 15% of a global sample of law firms showed signs of compromised networks. The study also revealed that 100% of law firms analyzed have been subject to targeted threat activity and noted that this is “not surprising given the sector’s estimated worth of nearly $1 trillion, making it a prime target for financially-motivated attacks…”
Consumer-grade messaging technologies are a force multiplier of cybersecurity risk for law firms
Messaging technologies are emerging as a weak link in legal and advisory firm’s communication ecosystems. The convenience and file sharing capabilities of messaging apps undoubtedly improve productivity and strengthen client relationships. But the absence of secure enterprise mobile messaging technology leaves firms at risk for data loss. And this risk is increasing as many firms shift to remote working during the COVID-19 crisis.
More and more legal industry employees are using consumer-grade apps to communicate with their peers and clients—and in the process, creating significant data security vulnerabilities. A NetSfere Messaging at Work study conducted in partnership with global trade body Mobile Ecosystem Forum (MEF) revealed just how commonplace this practice is in the workplace. The study found that consumer messaging apps are the most popular work communication channel on mobiles (50%), ahead of email (47%) and text messaging (36%). The study also found that despite the widespread use of mobiles for work, most (57%) mobile users cannot categorically say whether the data shared by them and their colleagues via mobile is secure.
Since most consumer-grade messaging apps don’t encrypt messages and files transferred, client data is vulnerable whenever it is transmitted between users’ devices. Even more alarming, many third-party apps store data on the devices themselves. If a device is lost or stolen, sensitive information is susceptible to unauthorized viewing and distribution.
Add to that the lack of administrative controls in consumer-grade messaging apps and you have a force multiplier that enables unauthorized access to sensitive client information and leaves firm administrators unable to quickly close the door on future data breaches.
NetSfere provides messaging security for law firm client data
NetSfere’s secure mobile messaging service is designed from the ground up to create a more robust, more secure messaging environment for legal and advisory firms. To significantly improve the security of client data and other sensitive information, NetSfere’s secure messaging technology includes a comprehensive set of security features, including:
- Enterprise-Class Security – End-to-end encryption with elliptical curve key exchange—the strongest form of messaging security currently available to protect client data contained in user messages and attachments.
- Secure File Sharing – In-network, cloud-based storage allows law firms to safely transmit files and attachments, while mitigating the risk of exposing client data on stolen or lost mobile devices.
- Reliable Message Delivery – NetSfere is the most reliable enterprise messaging service for legal and advisory firms. When Wi-Fi or cellular service are unavailable, messages can be delivered via SMS, at the sender’s discretion.
- Administrative Controls – Robust administrative controls enable centralized account management, file sharing and policy compliance, remote wipe, real-time reporting and other capabilities that increase law firm ability to effectively monitor and manage the security of sensitive information.
- Temporary Client Access – Temporary guest access allows law firms to invite clients to participate in the firm’s secure and private messaging platform, eliminating the risk that is typically associated with exchanging files and messages with parties outside the organization.
Contact NetSfere today to find out how your firm can secure communication and collaboration to protect and safeguard client data.