Legal Field IT Specialists CEO, Robert Finley, answering a question from concerning operational inefficiencies of law firms:

What dangers exist if we don't protect our firm?

The following are three of the many levels of pain, or degrees of severity and consequences, that can occur by not having secure IT systems and procedures in your practice.  I'll address each of these three briefly here in this segment.

  • Operational Inefficiencies
  • Organizational Fines
  • Client Fallout
  1. Operational Inefficiencies

The first degree is the pain of not effectively conducting business and operational inefficiency reviews. This would include events like staff downtime or a network outage. Or maybe your computers are not online, and you cannot view a client’s case-file. Or maybe your staff cannot process payments, submit court documents, perform discovery activities, access your secured email, schedule depositions, or update case documentation. These are a few of the basic services your firm and staff require to function daily. Because you handle such personal and sensitive issues for your clients, they expect your systems to have no downtime and little delay.

  1. Organizational Fines

The second degree of severity would be the fines that are placed on law firms or even action from the Federal Bureau of Investigation (FBI). The financial burden due to PII (Personal Identifiable Information) and any HIPAA-related fines for firms participating in any health-related cases ranges from $100 to $1.5 million. The situation can get dire and costly very quickly without proper protection and documentation.

  1. Client Fallout

This is the third degree of severity and can be extremely damaging. A lack of confidence and clients leaving you, to clients sharing what happened with the community either by word of mouth or through an online review results in lost reputation and strained relationships in general. I call this a "reverse referral" or an "anti-referral." It is a negative review of your firm’s capability and costs you clients, rather than gaining them.

Remember, nobody hacks a system just to access one client's data. Cybercriminals want to take all your records, to extort money from you through a ransomware attack or sell them on the dark web.

Information like birthdates, Social Security numbers, and driver's license information are used to fill out, submit and validate any number of fraudulent accounts or transactions - such as income tax filing, financial aid applications or insurance claims. Marital status or emergency contact and employment information can also be used to guess security validation or password reset questions. And email addresses or phone numbers can be used to evade anti-fraud mechanisms such as PIN systems or multifactor authentication.

Also, just to put this into perspective, while the black-market value of a social security number is only about ten cents and a credit card number is about twenty-five cents, the value of a health record obtained from a personal-injury attorney can be as much as several hundred or even thousands of dollars on the dark web!

A well-positioned attack can wreak havoc, so you must be ready to defend your practice at all times. You must encrypt and test your backups, review your procedural documentation, and constantly run cybersecurity automation on all systems each day.

Cybercriminals must only be right once for them to gain access to patient data. However, YOU must be vigilant ALL THE TIME to stop them.

If you want your firm protected from the havoc of these issues call us today. Legal Field IT Specialists provides tailored IT support services to law firms to protect your firm from the dangers of online threats as well as working with you to ensure that your staff is highly productive & efficient which, in turn, increases your firm's profitability as a whole.

Phone: (678) 926-9192