Cybersecurity for Lawyers

The New York State Bar Association Gets Behind Cybersecurity Training

Continuing legal education (CLE) credits are necessary for professional growth and development after admission to the Bar. CLEs are available to American Bar Association (ABA) members in a growing library accessible online.

Recently, the New York State Bar Association (NYSBA) announced that New York attorneys would be required to take at least one cybersecurity CLE credit every two years. 

Why The NYSBA Made The Decision For Cybersecurity Awareness

Recent trends show an increasing number of attorneys working remotely in New York since the pandemic.  Working from home increases an individual’s cyber-risk, primarily because of the confidential data they handle. The CLE program requirement is an acknowledgment from the Bar that the security landscape has dramatically changed.

Working from home, coupled with a rise in data breaches at New York law firms, makes security awareness training paramount.

However, not all Bar members were on board. Some felt that the requirement would take away opportunities to use CLE hours for “section-specific ethical education.”

The Conundrum

While the cybersecurity training requirement does divert attention away from practice-specific learning, the fact is that data breaches and the associated risk are significant.  One breach can take down a whole firm.

So, what’s more important: increased legal education, or ensuring that the firm is not put out of business by one errant click?

The fact is―they are both critical. Law firm management and their associates need to stop thinking about security as a “nice-to-have” or only as an expense. IT security is an investment.

What Legal Firms Need To Do Now

  1. Have an overall strategy
    • An IT Assessment is a must, so you know where you stand regarding the firm’s IT state. The Assessment should include reviews of hardware, software, backup systems, and security.
    • Security Policies should be reviewed and updated. Your employees need to know what is expected of them, and such policies are generally required under various State cyber laws.
    • Incident Response Planning is crucial to your firm and proves to Regulatory agencies that you’re serious about security should a breach occur.
  2. Install Detection and Response Systems
    • Today’s environment demands a higher level of protection. Your IT team should be able to install, coordinate, and manage Endpoint Detection and Response (EDR) systems, Firewall & EDR Synchronization, and SIEM operations for log collection and analysis.
    • You need a Security Operations Center (SOC) to act as your proactive, on-call expert security team to mitigate anomalies within your network 24/7/365.
  3. Utilize Security Awareness Training For Frontline Defense
    • It’s no secret that people are the weakest link in security. You can have the most expensive and comprehensive IT security systems, but one wrong click by an employee can bypass even the most sophisticated solutions. Ongoing training is a must.
    • Dark Web Monitoring is a valuable tool that will let you know if your or your employees’ credentials are for sale on the Dark Web. Once you learn of an exposure, you can require those credentials to be changed.
    • Phishing Email Test Campaigns are critical and show employees how to spot phishing scams, which are the most prevalent way hackers gain entry into networks.

Having a solid cybersecurity posture will help legal firms utilize security best practices to avoid becoming victims, satisfy various Regulatory Agencies, and help with insurance premiums.

Take Action Before Your Firm Becomes A Victim

If your Law Firm does not have an IT Department, sign up with a Managed IT Service Provider (MSP) specializing in security. Do your homework! Many MSPs have shallow security programs that, when you “peel back the onion,” are just standard automated solutions they sell to say they provide security.

What to look for: While investigating possible IT partners, if an MSP does not offer both SIEM and SOC services―move on! SIEM and SOC are essential to a comprehensive cybersecurity program.

The above security services are comprehensive, but technology advancements make such a program more affordable than you may think.

If you’re concerned about your Law Firm’s security, contact us at (845) 362-9675 or email us at [email protected].

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed IT Services (MSP). Call (845) 362-9675 for a free consultation.