Is Your Law Firm Safe From Cybersecurity Hacks?

04 October 2022 by Ross eDiscovery cybersecurity

Takeaway: Set up the right security measures upfront, and you won’t have to firefight data breaches later on. This means educating your team about cybersecurity, setting up antivirus applications/firewalls/VPNs, and using the right eDiscovery software to protect clients’ data.

Small businesses and law firms are particularly vulnerable to cyber-attacks.

An estimated 145 terabytes of internet traffic is in motion globally every second, ready to be intercepted by savvy hackers. And unfortunately, small businesses and firms are especially vulnerable. For instance, a 2021 Verizon report showed that 46% of all data breaches are connected to small and midsize businesses. This is likely because small businesses store more sensitive information than any single individual would, but with less cybersecurity than larger organizations. And the result? Thousands of dollars of unnecessary losses.

Most hackers attempt to steal data, hold it for ransom, and/or disrupt transactions.

Hackers usually look for sensitive data like credit card information and social security numbers. But there’s often more to it, so here’s a roundup of their various approaches.

1. Infecting your computer with harmful software.

The most common attack involves getting harmful software onto your computer. This malware includes viruses, trojans, worms, spyware, etc. And for businesses, it’s also likely to be ransomware – i.e., software that locks you out of your computer, demanding a ransom to let you back in. Sometimes, these attacks are drawn out, with hackers taking over your system in phases. This kind of attack, known as an advanced persistent threat (APT), is especially lethal because even if you spot a breach, the hackers usually have backup routes to your data.

2. Stealing login credentials.

Hackers often try cracking passwords by using algorithms that make random guesses (i.e., brute force attacks) or build off dictionary words (i.e., dictionary attacks). But they sometimes steal your login credentials instead. They might do this by tracking your keystrokes (i.e., keylogging attacks) or tricking you into handing over the details via seemingly legitimate websites and emails (i.e., phishing). Alternatively, they might contact unhappy former employees looking for revenge or a quick payday.

3. Finding backdoors to your system.

Many applications have unintentional design flaws that are like hidden backdoors. Developers usually spot and fix these openings using software ‘patches,’ but hackers who find these backdoors before the patch is released will have free access to your computers. These are called zero-day attacks because developers have zero days to fix the error. And the attacks can leak sensitive information for months before anyone notices.

4. Intercepting data in transit.

Man in the Middle (MitM) attacks steal data while it’s being transferred. For instance, hackers might install malware targeting e-commerce data (e.g., sales and user data) traveling back and forth between you and your customers. Usually, this happens when one of you is using an unsecured (often public) WiFi network.

5. Shutting down your website or network systems.

With a Distributed Denial of Service (DDoS) attack, hackers use botnets (i.e., networks of hijacked internet-connected devices/computers) to flood your server with access requests. This flood of requests uses up all your bandwidth, overloading and shutting down your website or network. Typically, angry ex-employees or aggressive competitors set up these attacks. (If your website shuts down, potential customers will go to these competitors’ websites instead.) Alternatively, hackers could hijack/modify your website by tampering with its SQL (Structured Query Language) code.

To tackle these attacks, you’ll first want to educate your team about cybersecurity.

Protecting your firm means spreading awareness about how cyber attacks work. So, try to organize training sessions – calling in experts or researching the subject yourself. The key here is to make it an ongoing process rather than a one-off event. Ideally, you’ll want to set up short sessions (an hour at most) every month, giving your team practical tips on protecting their data: creating a strong password, flagging suspicious emails with risky attachments, using two-factor authentication, etc. Importantly, you’ll want them to practice what they’re learning – perhaps ‘gamifying’ the process. For example, you could randomly send team members emails from an anonymous (but plausible) email address, baiting them into replying or clicking links. If they don’t take the bait, they get points. If they take it, they lose points. And at the month’s end, whoever has the most points gets a prize.

You’ll also want to use a custom mix of antivirus software, firewalls, and VPNs.

Setting up a virtual security system might seem expensive, but recovering from a cyber attack is way more costly. So, consider exploring your digital security options upfront. For starters, you’ll need antivirus software to check incoming files/code against a database of known viruses and malware. Next, you’ll want to set up a firewall to block particular types of incoming data. And finally, a virtual private network (VPN) can create a protected ‘tunnel’ to the internet, walling off any outsiders (including your internet provider) trying to peek at your data.

Crucially, you’ll need secure document review software.

eDiscovery is vital to modern law, which means your firm will need secure document review software. Thankfully, the best eDiscovery providers run their software in the Cloud, handling things like scanning for vulnerabilities, installing security patches, and more. All you’ll need to do is log into the software via your web browser, the same as with email. (No worrying about installing software, handling tech issues, etc.) Importantly, this system has inbuilt cyber protection features. For instance, cloud providers have rigorous security checks for their employees, advanced data encryption/decryption measures, contingency plans for hacks, and so on. And the best eDiscovery applications come with multi-factor authentication using trusted third-party apps like Google Authenticator.

To explore secure, Cloud-based document review, try out GoldFynch.

GoldFynch is a Cloud eDiscovery service designed for small and midsize law firms. It has all the essential security features you need, plus some valuable bonuses. For instance:

  • It costs just $27 a month for a 3 GB case: That’s significantly less than most comparable software. With GoldFynch, you know exactly what you’re paying for: its pricing is simple and readily available on the website.
  • It’s easy to budget for. GoldFynch charges only for storage (processing files is free). So, choose from a range of plans (3 GB to 150+ GB) and know up-front how much you’ll be paying. You can upload and cull as much data as you want, as long as you stay below your storage limit. And even if you do cross the limit, you can upgrade your plan with just a few clicks. Also, billing is prorated – so you’ll pay only for the time you spend on any given plan. With legacy software, pricing is much less predictable.
  • It takes just minutes to get going. GoldFynch runs in the Cloud, so you use it through your web browser (Google Chrome recommended). No installation. No sales calls or emails. Plus, you get a free trial case (0.5 GB of data and a processing cap of 1 GB) without adding a credit card.
  • It’s simple to use. Many eDiscovery applications take hours to master. GoldFynch takes minutes. It handles a lot of complex processing in the background, but what you see is minimal and intuitive. Just drag-and-drop your files into GoldFynch, and you’re good to go. Plus, you get prompt and reliable tech support.
  • Access it from anywhere, and 24/7. All your files are backed up and secure in the Cloud.
