Cybersecurity for Lawyers: Three Surefire Ways to Protect Your Data
Published on January 3, 2023 Featured Law Practice Tips
Data Breaches Can Happen to Law Firms of Any Size
In 2020, New York-based entertainment law firm Grubman Shire Meiselas & Sacks fell victim to a massive ransomware attack. As its name suggests, ransomware attacks hold information and data for ransom (often encrypting or locking users out of databases). The only way to retrieve access is by paying the ransom.
To pressure the firm to pay a $42 million dollar ransom, the hackers leaked private information about one of the law firm’s A-list clients, Lady Gaga. But the hackers didn’t stop there. They threatened to leak more information involving other celebrity clients if the firm failed to pay the ransom.
While this case is still ongoing, it illustrates how some of the biggest, most successful law firms in the country can be the victims of data breaches. If you’re a Texas lawyer, you need to take proactive action to avoid data risks and other potential cybersecurity hazards.
Stop Using Weak Passwords
While a password that’s easy to remember may be more convenient, it can pose a great risk to yourself, your staff, your firm, and your clients. This is especially true if you use the same password for multiple logins. To bolster your data security, ensure that everyone in your firm uses long, complex passwords.
Now, you may be worried about forgetting longer passwords, but you can implement password management tools to manage your firm’s passwords safely and securely. There are plenty of password managers available. Make sure to do your research when choosing the right option for your firm. Some options to consider include the following:
As a rule of thumb, avoid writing your passwords down on paper or post-it notes. Can you imagine losing or misplacing your password notebook? Maybe you’ve already experienced this. By using a password management app, you’ll never have to worry about forgetting a password.
Always Encrypt Emails, Files, and Other Data
Encryption is one of the most effective ways to protect your digital assets, but many law firms tend to overlook this process. If you don’t implement encryption measures, then anyone—from malicious hackers to curious family members—can easily access and view your firm’s data.
When you encrypt your data, it’s converted into an indecipherable code that can only be accessed with the correct password. So, if a hacker succeeds in getting your data, what they see will be useless. Think of encryption as an ever-changing, unbreakable cipher that can only be cracked with your password.
To protect your legal documents, here are a few of the most highly-rated encryption software providers:
One of the advantages of encryption is the fact that many applications take care of the entire process on your behalf. Again, make sure to do your research when looking for encryption applications.
Take Metadata Seriously
Every digital file has metadata. But what is metadata, anyway? Simply put, metadata is “data about data.” It describes a file’s details including its origin, usage, and other characteristics including the following:
- Author
- Date
- Time of creation
- Changes made by users
- Edit history
While it may seem innocuous, metadata is discoverable under Texas law and can be used as evidence. That’s why it’s crucial for lawyers to be aware of the potential hazards metadata can create. Metadata also plays an important role in e-discovery.
In re Weekley Homes, L.P., 295 S.W.3d 309, 320–21 (Tex. 2009); In re Honza, 242 S.W.3d 578, 580–81 (Tex. App.—Waco 2008, no pet.).
How to Protect Yourself from Metadata Misuse
Since metadata is stored in the background, it’s easy to forget about it (until it’s too late).
You may file a Texas Bar Practice manual form electronically, only to inadvertently disclose confidential information within the metadata.
PC users can implement the Texas Bar Books toolbar for Microsoft Word to permanently delete hidden data such as instructions, edit info, and more.
To learn more about the toolbar, check out this How-To article.
You can also implement the following methods:
- Scrub metadata from documents before sharing, submitting, or transmitting them
- Convert files into a different format that does not store the original metadata
- Print or fax your documents
The Best Time to Improve Your Firm’s Cybersecurity is Right Now
In our digital world, everyone is at risk of having their data stolen by malicious parties.
The first step towards avoiding data risks is to take cybersecurity seriously. You lock up your firm when you leave for the day, so you should treat your files and documents with a similar (or higher) level of importance.
To learn more about cybersecurity and risk management, consider registering for the following TexasBarCLE courses:
Otto Nicli
Otto Nicli is part of the State Bar's Web team and serves as the blog writer for the Texas Bar Practice website. He also plays a part in marketing and video production. In his free time, he enjoys watching Top Chef with his wife, collecting records, reading, and going to shows.