The Law Firm Security Checklist - Part 2: Minimizing the Damage from an Attack

Clear Guidance has always taken the approach of “when, not if an attack/breach happens”. Your firm should as well. In cybersecurity, a breach is often referred to as the “boom”, and it occurs in the transition between protect and detect phases of the Cybersecurity Framework (CSF). IT has traditionally focused entirely on the identify and protect phases, while neglecting the value of robust detection, response and recovery plans.

 
CGP cybersecurtiy framework diagram.JPG
 

There are a couple of key steps that you can take in preparation to protect your firm better when the boom happens. Here are a few easy tasks you can start working on now.

  • Keep an offline copy of your security and operations documents, especially ones like employee contact lists. Keep the copies in multiple places as well, not just the office. The firm administrator and managing/administrative partner should keep copies at home as well.

    • You may be dependent on personal email, text, etc. in a disaster. Have a backup communication method planned out, along with the proper contact info to utilize it.

    • Ensure critical vendors such as any outside IT vendors are on this list as well.

    • The firm should have a formal incident response and disaster recovery plan; make sure a copy is included.

  • Review your cyberinsurance policy, and ensure you have contact info for their incident response team (add that to your security documents!) Your IT team (in-house or outsourced) should not be the primary leader in the event of a breach (although they should be involved every step of the way). There are potential issues with destroying logs and other forensic info, and we have seen IT restore backups only to get breached again immediately due to the attackers still having a foothold.

    • Review your coverages, and make sure they are appropriate. For a firm performing sensitive corporate work with revenues of $50m/year, a $2 million policy might be insufficient.

Still worried about your firm’s IT & security? Let’s see if we can help - schedule a call with a partner today.