Note: In August, Alta Pro presented the webinar “Top 10 Things to Do to Avoid a Data Breach,” which featured an expert panel of cybersecurity professionals explaining how law firms can stay safe. In case you weren’t able to attend, following is Part 1 of our two-part recap of the program.
Protecting your law firm from a cyber loss starts with a comprehensive review of your systems, procedures and response plan.
Another key: having adequate insurance coverage.
Those were two takeaways from the Alta Pro webinar, “Top 10 Things to Do to Avoid a Data Breach.” The panelists were Brandon Abshier and Trenton Gill of Reminger Attorneys at Law and Adam Gwaltney of Ritman Insurance (their bios and contact info appear below).
Want free webinars and CLE opportunities? Become a member of Alta Pro Lawyers RPG. You’ll get access to the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.
Top 10 Things to Do to Avoid a Data Breach
Following is Part 1 of a recap of “Top 10 Things to Do to Avoid a Data Breach”
1. Conduct a Professional Security Assessment
This begins by evaluating (or reevaluating) your existing privacy and security systems and procedures.
This review can highlight your organization’s privacy and security vulnerabilities as well as its strengths. Identifying weaknesses is a critical part of developing an incident response plan. For example, if your review reveals that it is difficult to locate either physical or electronic copies of established written privacy policies, then perhaps the policies are not the issue but rather the communication and visibility of these policies.
The bottom line: Use your existing privacy policies and procedures to establish a baseline and revisit those policies to identify any latent vulnerability that should be addressed in the incident response plan.
2. Develop a Cyber Event Response Plan
A “cyber event” is a broader category than a data breach. It includes any occurrence leading to a compromise, misuse, loss or theft of data, information systems, money, professional services or a combination of all.
The foundation of breach preparedness is having a well-prepared incident response team. At the very least, your team should include representatives from IT, security, legal, compliance, communications and customer service and a member of the executive management team. A smaller firm may not have different people in all of those functions, but this suite of functions should be represented.
3. Stay Current with Technology
Keep security patches for your computers up-to-date. Use firewalls, anti-virus and anti-spyware software; update virus/spyware definitions daily. Check your software vendors’ websites for any updates concerning vulnerabilities and associated patches.
4. Implement Intrusion Detection Methods
These are like cyber burglar alarms. If someone enters your space, an alarm goes off. An Intrusion Detection Method is usually a lockdown of your system or a warning balloon on your screen that tells you when and if a bad guy is coming into your system.
Gwaltney recommended two IDMs: Barracuda – software attached to your internet search engine that inspects websites before you visit them to make sure they are safe – and Crypto-Stopper, which is basically a trip wire that will warn you of a potential attack.
5. Manage Use of Portable Media and Devices
Portable media, such as DVDs, CDs and USB flash drives, are more susceptible to loss or theft. This can also include smartphones, MP3 players and other personal electronic devices with a hard drive that syncs with a computer. Allow only encrypted data to be downloaded to portable storage devices.
NOTE: Part 2 of the webinar recap will appear in the next post on this blog. Watch the webinar here.
- Brandon Abshier practices with Reminger Attorneys at Law, where one area of concentration is data breach/privacy law. A Certified Information Privacy Professional/U.S. (CIPP/US) by the International Association of Privacy Professionals (IAPP), Brandon has received special training in the data breach and privacy fields.
- Trenton Gill practices with Reminger Attorneys at Law in the firm’s Indianapolis office. He represents attorneys and other professionals in professional liability claims and disciplinary/licensing matters. He also counsels clients on a variety of legal issues including labor and employment, insurance coverage, contract creation and negotiation and risk management.
- Adam Gwaltney, Ritman Insurance for Lawyers and Professionals. With more than 21 years in the insurance industry, Adam focuses on professional liability insurance, including Legal Professional Liability, Title Agent Errors & Omissions, and Cyber Liability Insurance. An approved CE and CLE provider, Adam is a frequent guest speaker with the Indiana State Bar Association, the American Land Title Association, and many other lawyer groups on issues of professional malpractice and cyber liability.
Get protection and peace of mind with cyber liability insurance protection. Want a no-obligation quote on coverage to suit your practice needs? Contact Alta Pro Insurance today.