Law Firms & Cyber Security: 11 Tasks for Prevention & Response

Cyber Security Tasks for your CSOIs worrying about a security breach keeping you up at night? What will your clients think if it happens? Will you lose business? Are you prepared to stop the breach quickly? Can you afford to invest in information security? Can you afford not to?

Since 2011, 80 percent of the largest 100 law firms (by revenue) have been victims of cybercrime, according to an ABA report. The same survey revealed that 26% of law firms with 500 or more attorneys experienced a security breach in 2016. If this issue wasn’t keeping you up at night already, those statistics seem to be cause for some tossing and turning.

While in the past the legal industry had a reputation for being slow to adopt, a recent study found that on all security ratings measured, legal was the second highest performing. This is great news. Security initiatives are starting to come to fruition. But, many executives at law firms are now accepting that it is less about if a breach will happen, and more about what they are going to do when it happens.

While putting prevention measures in place is still essential, creating a breach response plan is of equal importance. In both cases, having a trusted Chief Information Security Officer (CISO) or Chief Security Officer (CSO) on board who can work well with your executive team is essential for big law firms. If you don’t have a CISO or CSO on your team, we suggest you consider adding one. While outsourced solutions can be sufficient for preventative measures, an internal leader of information security will be much more effective at putting a response plan in place.

Here are 11 tasks to give your leader of information security:

1. Set Up Perimeter Defenses

Most law firms know that setting up perimeter defenses is an essential first step for preventing cyber attacks. Firewalls, intrusion detection systems (IDS), application proxies, and virtual private network (VPN) servers are all important implementations for protecting your data from outside attacks.

2. Take Specific Access Security Measures

One of the next steps is to ensure that security measures are taken to only grant access to files and programs on an “as needed” basis. The fewer end users with access to confidential information the lower risk of that data being breached.

3. Create Clear & Concise Security Policies

A security policy should be written and distributed law firm wide. The key here is to make sure it’s usable – you want your attorneys and administrative professionals to actually read it and be able to easily understand and retain the information in it.

4. Invest in Rapid Detection of Breaches

The faster you can identify a breach and kick hackers out of the system the better. Investing in technology to rapidly detect a breach, be it in the form of in-house security engineers under the supervision of a CISO or an outsourced solution, is well worthwhile.

5. Keep Your Data Off Your Premises

Cloud storage companies are highly effective in keeping your data secure. It’s their job. So if you haven’t already moved your data offsite, it might be worth considering in 2018.

6. Use a Layered Defense System

You want your security engineers to make it as difficult as possible for a hacker to break in to your data, which makes a multi-level defense highly valuable. Some of the ways you can layer your defense system are: two-step encryption, consistent web and network monitoring, implementing a data-loss prevention system, and installing anti-virus and spam filtering software.

7. Educate Your IT Team

Whenever possible, your IT team should be building security measures into your applications and software systems. Have your CISO train your developers to do this and keep your IT team up to date on your various cyber security implementations and changes, so they can train others effectively, and stay on top of the latest cyber risks.

8. Check Your 3rd Parties

One of the more common areas of security breach is actually through one of your third party connections. As more clients are coming to law firms with security requirements, it’s essential that law firms do the same with their own 3rd party resources. You should have a well-documented policy for internal use that you can ask your 3rd parties to adhere to as well. Or request to see their security policies to ensure your data is protected from breaches.

9. Make a Response Plan

Having a system in place to detect and respond to breaches quickly is of equal importance to having effective preventive measures. Cyber threats don’t belong only in IT’s domain. If a breach happens, it will impact everyone in your firm, including your clients. As such, your entire executive team must be aware of cyber risks, prevention and response plans, and ideally be involved in their development in collaboration with your CISO or CSO.

10. Practice That Response Plan

Once you’ve created a response plan, practice it. Yes, we know that isn’t billable time, but when a breach happens, you’ll be thankful it is not the first time you’re figuring out who is responsible for what and seeing if your plan actually works.

11. Train Your Attorneys & Administrators

Phishing attacks are highly effective for breaching your law firm’s security. That’s why training your employees is so important for preventing attacks. While classes can be helpful as an overview, technology simulations that give them practice recognizing and reporting phishing emails are even more effective for employee’s retention of their training. It’s also essential that you get your employees to agree to encrypt emails and files and understand why it’s important. Give frequent reminders emphasizing the value and necessity of your securities policies to help prevent attorneys and administrators from falling back into old habits.

 

Equally critical to having your leader of security take these tasks in hand is making sure that you are always testing and staying up to date on the latest security practices. Just like you’d hold a fire drill to practice getting your employees safely out of the building, testing your systems to make sure they are secure will ensure you’re ready to handle a breach when it occurs. To ensure the safety of your data and your client’s data, use “white hat” hackers and penetration testing systems on a regular basis (perhaps quarterly) to test your security system and find areas of vulnerability. In addition, from the top down, build a culture at your law firm where everyone takes responsibility for preventing breaches and responding to them if they occur.

The above list may seem like a lot to take on, but breach prevention and response is now a critical priority for all law firms. Implement some or all of the above suggestions, and you’ll start sleeping more soundly knowing that your law firm and your clients’ data are secure.

Start Your Executive searchA strong CISO, CSO, or CIO can be invaluable for your cyber security risk and response measures. If you’re currently without this essential role on your team, we’re here to help.

Request Executive Search

Facebook Twitter Linkedin Reddit Email

4 Tips for Attracting & Retaining Legal Tech Millennials

how to attract and retain millennial legal IT pros

It’s traditionally acknowledged that the legal industry can be a bit conservative when it comes to technological adoption. A few other stereotypes might be that law firms aren’t much fun and aren’t great for work life balance. Of course, not all law firms are the same, but if any or all of these things ring true for your firm, it could be a huge problem for firms looking to hire the best legal technology talent, especially the youngest generation in the workforce. Luckily, there are a few simple modifications you can make (and one complicated one) that could significantly increase your ability to attract and retain millennials (or Gen Y) for your law firm’s IT department.

Tip #1: Adoption of Latest Technologies

One thing that truly sets this youngest generation of workforce professionals apart is their fluency in technology. The technological revolution and social media have had significant impacts on Gen Y and as a result their expectations are set high when it comes to technological adoption in the workplace.

This can cause a number of problems for law firms. First, all millennial employees have high technology expectations, from attorneys, to paralegals, to the technology professionals themselves. Legal technology departments need to be able to provide great technology solutions for their entire firm. Second, millennial technology professionals are always looking to work in the latest, most exciting technologies, from both a technical language and methodology perspective. To attract these millennial legal IT employees—and retain them—law firms should be looking for ways to start to adopt new technologies more quickly.

Admittedly, this is complicated, and for large law firms in particular, it could take quite a bit of time and effort to implement a large-scale change to agile methodology, or the latest coding language. However, if you’re able to make some changes and speed up your tech-adoption, it could go along way toward attracting, and even more importantly, keeping millennials on your IT team.

One great way to do this is to tap into the millennials you already have on your team. Ask them which tools and technologies they’d like to work with, and go ahead and make them a project leader when it comes time to research and implement. They’ll appreciate the trust you’ve put in them and the extra responsibility you’ve given them. Which leads us to Tip #2.

Tip #2: Mentorship and Advancement

One of the biggest drivers for Gen Y is the ability to contribute to an organization. They want to get better and have more and more impact as time goes along. Throughout their upbringing, millennials have been trained to expect personalized feedback about their work, and most of them truly want this feedback to improve, not just to get a pat on the back. That doesn’t mean they want to be micro-managed, but they do want to be mentored and coached. However, mentors and managers need to be aware that for them, that means talking about goals and objectives, rather than how something has been or should be done.

A large majority of millennials desire to be leaders, but according to a Deloitte Survey of 7,700 millennials, 64% feel these skills are not being developed and only 28% of millennials feel their skills are being fully utilized. These stats demonstrate the vast opportunity legal tech departments have to tap into the talent they already have and to build loyalty to the law firm. In addition, “they are more likely to report high levels of satisfaction where there is a creative, inclusive working culture (76%) rather than a more authoritarian, rules-based approach (49%).”

By providing your legal tech professionals with tangible feedback, training, appreciation, and career-advancement opportunities, you’ll give your law firm the best chance possible of retaining these up-and-coming technology professionals. To attract them in the first place, make sure to take them through the career path opportunities you have available at your law firm, and layout how people have been successful moving up in the past. You may also want to highlight your law firm’s management philosophy and review processes.

Tip #3: Work-life Balance & Flexibility

This generation grew up with (mostly) both parents working. While many millennials acknowledge the opportunities this provided them, it also created negative feelings about the lack of work-life balance their parents seemed to have. In other words, flexibility is very important to millennials. Whether that means spending more time with their families, or with friends, it’s a high priority for Gen Y to have work-life balance in their lives.

This doesn’t mean they don’t want to work hard, but they do want flexibility to work whenever and wherever is most convenient for them. According to the Deloitte Survey, 88% of millennials wish they could have more flexibility to start and finish their work days at times they choose. 77% wish to have greater mobile connectivity and 75% would like to be able to start working, or more frequently work, from home or other locations they feel more productive. This could in part be in response to recent backlash over open work spaces and the difficulties they cause for productivity, but it also likely has a lot to do with the work styles they become accustomed to during college working on their laptops anywhere they liked.

It isn’t too hard to put accountabilities in place so that you can provide them with the convenience of telecommuting and you might be surprised at the extra commitment to the firm that this flexibility generates. While law firms do have some extra information security concerns to be cognizant of when allowing for this flexibility, for your attorneys and legal tech pros alike, a little goes a long way when it comes to work-life balance.

Tip #4: Shared Values

For Gen Y, work is about much more than getting a paycheck. According to Deloitte, “Millennials want to contribute to the positive impact they believe businesses have on society, but in doing so, they wish to stay true to their personal values.” If you haven’t done so already, find out what your millennials value and if possible, incorporate them into your company culture. Then promote these values when you interview millennials and give them an opportunity to say, “I care about that too!”

Providing opportunities for tech pros to give back has proven a great selling point for many companies. This might take the form of “hackathons” or pro-bono work your tech team can be a part of. You could allow for a set number of volunteer hours a year your employees can partake in during work hours that don’t cost against their PTO, or arrange for all-company (or department) volunteer events. Knowing that a company gives back to their community and encourages their employees to do the same is very attractive to the millennial generation.

Meaningful work is also important to Gen Y, and while they understand the necessity of profit and a firm’s financial stability, they most often look for firms that put people, especially their employees, first. Legal tech pros want to work for law firms with a mission they can get behind, and it usually isn’t about sales. When millennial employees are aligned to your law firm’s values, they are much more likely to join and stay loyal to your firm.

Conclusion:

The latest college graduates will be filtering into the job market this summer, but Gen Y already make up over 60% of the workforce. While the 90s born and 80s born millennials have quite a few distinctions between them, very few millennials of either kind prefer to be labeled as such, mostly because of the prevailing attitudes from older generations that millennials are lazy, disloyal, and entitled. Those labels may fit for some millennials, but many studies suggest that it is no truer of this generation of 20 and 30-somethings, than it was of their predecessors. In other words, all young professionals have room to grow when it comes to entering the workforce, no matter what generation they are a part of.

As millennials have matured, and become parents and leaders within law firms, some of their values have changed. However, much of what they’ve become known for still rings true: they seek work/life balance, professional advancement, development, and recognition, and want to work for organizations that share their own personal values.

At your fingertips, most law firms have millennials who have grown up with technology impacting their day-to-day life. Now too, many law firms have millennials in leadership roles, and as their clients, which comes with expectations for more technology-assisted processes. If you’re still ignoring millennials or griping about how they are “lazy and entitled”, it’s time for a change. It’s time to discover how you can make the most of your Gen Y technology employees and find success for many years to come.

Are you looking to add more millennials to your tech team, or want more advice on how to make your firm more attractive to them?

Contact us to get started 

Facebook Twitter Linkedin Reddit Email

Telecommuting – It’s Good for Employers in the Legal Tech Niche

3 Reasons Remote Work is a Great for Legal Tech EmployersToday, technology has connected us in powerful ways. With smart phones in our hands, we literally have the world at our fingertips – especially when it comes to business. We take conference calls on the road, check and send emails at lunch, and remain available even when traveling. In a way, we are always reachable, and expected to be so.

With this expectation, many of us are already working remotely throughout the workweek. Yet, some law firms are still skeptical about integrating telecommuting into their business and hiring models. Well, as we are on the heels of a new year, it’s time to face the fact; telecommuting is here to stay. But don’t worry – telecommuting is beneficial to the employer, too.

Hire the Best Talent

When it comes to finding and hiring the best talent, the option of telecommuting greatly opens the talent pool. For starters, you can say goodbye to geographical limitations and hello to the perfect candidate.

As law firms begin their candidate search, from Attorneys and Secretaries to IT Managers and Programmers, they know they need top talent to compete in a competitive marketplace. However, not many law firms know they should be seeking out candidates with telecommuting in mind, in order to obtain that top talent.

As the worlds of tech and legal meet, this becomes an issue, since the tech industry has long embraced remote workers. According to a Monster article, “The tech industry is well known for its flexible schedules and telecommuting opportunities. Which makes sense considering most tech companies are web based and that technology is the greatest resource when working from home. With video chats, conference calls, VPN networks, and wireless internet, we can constantly stay connected as though we were sitting in our office rather than at home.”

So, what does this mean for legal? The best tech talent has already experienced the luxury of telecommuting, and furthermore, they’ve come to expect it.

The nature of IT is very demanding because technology can fail anytime, and therefore support is needed at all hours. Fewer on-site IT resources are necessary thanks to programs like GotoAssist and TeamViewer where connecting to the PC remotely can solve most problems. Support centers are already operating like this, so why wouldn’t you? Denying the option of telecommuting could prohibit your firm from acquiring the best talent.

Enhanced Productivity

Remote Workers are Happier and More ProductiveThink that working from home causes more distractions and less productivity? Think again. Research indicates that employees use their time more efficiently at home. One potential reason being that more distractions are present in the workplace. In a study conducted by Stanford professor, Nick Bloom, the benefits of working from home were evaluated. The results revealed that home workers were more productive, made more work calls, took shorter breaks and less sick days, and best of all, reported being happier than their counterpart office workers.

Happier Employees, Better Retention, and More Money

Working from home offers the employee many reasons to be happy: no commute time, a flexible schedule, less company politics, healthier at-home lunch options, and more. According to a study by communication researchers at the University of Wisconsin-Milwaukee, teleworkers experience lower amount of stress and less distractions, and therefore report beingmore satisfied with their jobs compared to those working mostly in the office because working remotely alleviates more stress than it creates.”

Bloom explains that employee happiness in working where they desire to, whether at home or in the office, is crucial to employee retention. Retaining quality staff will save the company recruitment, training, and loss of productivity expenses. If tech issues remain unresolved for long periods of time due to short staffing, your company becomes at risk for dissatisfied high-level staff and missed deadlines.

Cost benefits also include reduced office space and other office fees. Telecommuting requires that the employee use their own furniture, electricity, and other utilities, therefore saving the company money. An estimated $2,000 per employee could be saved each year on office expenses, Bloom finds.

When it comes to your firm’s bottom line you might want consider hiring a remote worker. Of course, telecommuting is not for every personality type, but it can certainly be used as a great employee retention and top-talent recruiting tool.

If you are looking to work remotely, or to hire a remote worker contact us for current openings at careers@esp-ca.com or 949.753.7575. ESP Legal focuses exclusively on matching top legal technology, litigation, and attorney talent with the best law firm opportunities.

Facebook Twitter Linkedin Reddit Email