Have you done a Professional Security Assessment of your firm’s computer system lately?
If not, you might be inviting a cyber attack.
A proper assessment includes a top-to-bottom review of your firm’s privacy and security strengths and vulnerabilities, says cybersecurity law expert Brandon Abshier.
“Identifying weaknesses is a critical part,” says Abshier, who practices data breach/privacy law at Reminger Attorneys at Law. “For example, if your review reveals that it is difficult to locate either physical or electronic copies of established written privacy policies, then perhaps the policies are not the issue, but rather the communication and visibility of these policies.”
Don’t have an IT specialist or anyone in-house who is qualified to do the audit? No problem.
“There are a lot of companies out there with IT specialists and consultants who will come in for a flat fixed fee and do an assessment,” says Abshier, who provides ProLink claim repair services to lawyers insured through Alta Pro Insurance Services. “That way, you’ll know what you need to focus on fixing before you go out and spend a lot of money.”
Abshier was a panelist on the recent Alta Pro Lawyers RPG-sponsored webinar, “Top 10 Things to Do to Avoid a Data Breach.” Below are some highlights from that program.
Want to increase your billings, boost productivity and reduce your malpractice risk? Attend our next FREE webinar on September 12: “Meet Clio – The Easiest Way to Manage Your Firm.” Register here.
Top 10 Things to Do to Avoid a Data Breach
The big takeaways from the Data Breach webinar: be vigilant, and be proactive.
Vigilance includes staying up on technology. This can pose a challenge for solos and small firms that are already strapped for time and money. But Adam Gwaltney, who specializes in professional liability and cyber liability coverage at Ritman Insurance for Lawyers and Professionals, says vigilance needn’t be onerous and might be as simple as a chat with a colleague.
“Don’t forget to speak with your peers,” Gwaltney said at the webinar. “For example, if you don’t have a firewall or haven’t updated your antivirus in a couple of years, starting locally by asking your peers what products and services they use is a good start. In Indiana, the solo small firm section of the Indiana State Bar has a network of lawyers who are very savvy on tech issues.”
In addition, all software must be current and viable. Security patches and updates to your programs should be downloaded and installed. This includes firewalls, anti-virus programs and anti-spyware applications.
“I think every six months or so you need to have an audit to see if you need to update or patch any of your systems,” said panelist and Reminger attorney Trenton Gill. “Recently I had a client, a small company, that literally had one flash drive they’d pass around and save stuff to. This created all sorts of privacy and security issues.”
Cyber Response Plan and Intrusion Detection
“An incident response plan is absolutely critical, no matter what size firm you have,” said Gwaltney. “One of the critical things is to stage a mock disaster. You have to test your system. Everyone has to understand who does what, and what everyone’s role is in the event of a disaster.”
Along with this, you should implement an Intrusion Detection Method, which is essentially a burglar alarm.
“It’s like a security system on your car so that if someone enters your space an alarm goes off,” Gwaltney said. “In the cyber world an Intrusion Detection Method is generally a lockdown of your system or a warning balloon on your screen that tells you when and if a bad guy is coming into your system.”
Gwaltney recommended two IDMs: Barracuda – software attached to your internet search engine that inspects websites before you visit them to make sure they are safe – and Crypto-Stopper, which is basically a trip wire that will warn you of a potential attack.
“These provide spectacular software protection and are not expensive, relatively speaking,” said Gwaltney.
Get protection and peace of mind with cyber liability insurance protection. Want a no-obligation quote on coverage to suit your practice needs? Contact Alta Pro Insurance today.