3 Cybersecurity Recommendations for Law Firm Employees

According to the American Bar Association, one out of every four law practices is the victim of a data breach. As firms experience rapid growth, it is critical to build a culture of security from the get-go and, through regular training for new associates and staff, to set clear expectations for how security incidents should be handled. Associates are prime targets for phishing schemes because attackers know they are new to the firm. Since most associates are fresh out of law school, they’re also more eager to prove themselves and might quickly respond to what they think is a partner’s email without thinking.

As new members join the firm, it is an opportune time to make sure they receive rigorous cybersecurity training to protect the firm from potential breaches. Here are three cybersecurity training tips for new law firm associates and staff.

1. Understand the Common Phishing Schemes

According to the FBI, phishing was the most common cybercrime in 2021 and phishing attacks have continued to increase. Because of this, training on how to spot social engineering and phishing strategies hackers use should be included in the cybersecurity training for new hires. There are three common types of phishing schemes: spear phishing, domain spoofing, and SMS phishing & vishing. Each attempt usually appears as an email or a text impersonating a colleague or company. The requests usually direct the recipient to follow a link, send a payment, reply with private info, share credentials or open an attachment.
 
Important red flags to help spot phishing attacks:
  • Use of threats or a sense of urgency
  • Suspicious attachments
  • Poor grammar or misspellings
  • Pop-up windows or valuable offers with little or no cost
  • Inconsistencies in email addresses or domain names

Given that 90% of data breaches are caused by phishing emails, new associates should be trained on how to spot and report these attacks.

2. Ensure Multifactor Authentication Is Enabled

Law firms have access to significant amounts of sensitive client data, which makes multiple security layers critical. Multifactor Authentication (MFA) provides an extra layer of security for law firms by requiring identity verification in addition to a secure password. Instead of associates working behind a locked door, for example, they’re working behind a locked door that also requires thumbprint analysis. MFA also acts as a deterrent to hackers and protects both remote and in-office teams against basic attacks like email phishing and more complex attacks.

3. Create a Culture of Safety From Day One

A law firm’s security is only as strong as its weakest link. Whether an employee is new or tenured, security is the responsibility of everyone in the firm. All firm employees must assume they are targets and stay vigilant for suspicious emails.

If an employee receives or clicks on an email and later realizes it could potentially be a phishing attack, it is critical to report it immediately. It is likely that others were attacked as well. Bottom line: If you see something, say something.

Conduct cybersecurity training regularly and use these sessions as opportunities to both educate employees on new attack methods and remind them of the policies and procedures to follow if they experience an attempted attack. Investing in continuous cybersecurity training not only protects firms from future attacks but helps empower a law firm’s workforce, builds client trust by thoroughly protecting data, and saves significant time and money that’s lost when breaches are successful. Phishing schemes are expected to continue increasing exponentially. Employees who are trained to recognize and report phishing and cyber-attacks become the first line of defense to protect firm and client data.

Day one cybersecurity training for new associates and employees is critical because hackers are targeting new hires from day one.

To learn more about how to create effective new-hire cybersecurity training to protect your law firm, register for the upcoming Frontline webinar on November 9th.

Afton Clark has deep expertise in legal IT and cybersecurity and serves as IT & Cybersecurity Marketing and Growth Manager at Frontline Managed Services.