Legal Field IT Specialists CEO, Robert Finley, answering some questions from firms regarding cyber-attacks on law firms:

What is the first step law firms should take to mitigate a cyber-attack?

Athletes do it. Sports teams do it. Airline pilots do it. Professional speakers do it. Musicians do it. Wedding planners do it; heck, it's in their title. As the saying goes, "Failing to plan is planning to fail." If you don't have a plan in place before tragedy hits, you (or your staff) may end up being frozen in shock. People often panic when they don't have a plan. So proper preparation is the first step in mitigating a cyber-attack.

Being prepared for a cybersecurity attack can reduce the risk that your firm faces and may minimize the potential damages associated with being a victim of an attack. Additionally, planning ahead of time helps to ease the difficulty of managing the response and recovery times.

Planning leads to awareness and preparation leads to readiness. So, part of adequately preparing is to have an established communication plan. This is a communication plan for your contact with outside parties.

Who are some of the outside parties we may need to communicate with if our firm is breached?

Depending on the scope of the incident, the response team may need to communicate with outside organizations such as:

  • Internet Service Providers, or ISPs
  • Other Incident Response Teams
  • Software and Hardware Vendors
  • Legal Counsel and Insurance
  • The Local News Media
  • Law Enforcement

Any communication plan to be used with outside parties should document who is authorized to communicate with each type of outside party and what can and cannot be shared, as well as suggestions on when you should hire an outside communication management company and/or a separate law firm for representation.

What should a cyber-attack communication plan include?

Your communication plan should list out the required staff training and processes for handling the media, if and when necessary, and stress the importance of not revealing sensitive information.

Having a clear outline on how to handle contact, communication, and other interactions with authorized team members is important.

Doing so will ensure that the released statement reflects the current status of an incident, so that all interactions are up to date and consistent. As you can see, this communication plan is multifaceted and involves several potential organizations. So, the key is to develop this plan and strategy before you need it.

Other forms of adequate preparation include instituting a solid documentation of the environment, regularly testing a backup system, and training users on cybercrime awareness, just to state a few.

Another good way to plan for an attack is to familiarize yourself with common attack vectors such as removable and external media, brute force attack methods, web surfing, email usage, theft, impersonation, and the improper usage or violation of acceptable policies. These best practices are key in documenting the responses to new and unknown threats online.

If you feel that your law firm could use some assistance with setting up a proper communication plan for your firm, call us today. Legal Field IT Specialists provides tailored IT support services to law firms to protect them from the dangers of online threats, as well as working with you to ensure that your staff is highly productive and efficient, which, in turn, increases your firm's profitability.

Phone: (678) 926-9192