In the wake of the COVID-19 pandemic, law firms are continuing to transition to a hybrid work model, affording their employees more flexibility which, in turn, attracts more talent, improves retention and encourages productivity.

The sudden, dramatic shift to remote operations just a couple of years ago facilitated rapid digital transformation, virtualizing almost everything from paper documents to client meetings to IT infrastructure. Digital transformation has brought significant benefits to law practice, such as improved information management, workflow efficiencies and employee satisfaction, as well as enhanced client service. These key business benefits have become essential in an increasingly competitive legal market.

However, along with the added benefits come significant risks.

As Canadian firms transition to a more digitized, hybrid work model, with firm members accessing systems from different locations and devices, they are exposed to more risk for three primary reasons:

  1. Remote/hybrid workers have a larger attack surface, both digital and physical.
  2. The complexity of managing a hybrid network and remote users, combined with the increased risk it presents, puts significantly higher demands on IT departments, which can result in critical security gaps in infrastructure.
  3. The number of opportunistic and targeted cyber attacks has been on the rise since the shift to remote work, and law firms are being targeted.

The most common cyber attack on hybrid law firms

Cyber criminals use a variety of methods to attack; however, phishing emails are the most common, as they exploit the primary vulnerability in the hybrid workplace - lawyers and staff.

Phishing emails are typically used for two primary objectives:

Credentials theft

The goal of a credential-seeking phishing email is to convince the target to click a malicious link, visit the attackers' website and enter their username and password under the impression that the site is legitimate, such as a bank or retail offer. Another method is to stealthily load keylogging software onto the user's device, which then records and transmits their credentials back to the cyber criminals, effectively handing them the keys to the network.

Ransomware

Canada often ranks among the top countries impacted by ransomware, and in just the first half of 2021, the number of attacks increased by a shocking 151 per cent. Opportunistic ransomware attackers will send out phishing emails with links that, when clicked, launch ransomware on the user's device. This is done quietly, without the user noticing, so that the ransomware can spread through their files and into shared network folders, encrypting and locking down data as it penetrates deeper. Oftentimes, organizations don't know they've been infiltrated until they suddenly can't access critical files and a notice pops up demanding a ransom payment.

There are other cyber attacks on remote users, including viruses, spyware, worms and trojans. Strong endpoint protection can catch most of these; however, preventing system infection through phishing requires more than technology - it also requires employee attention.

If you're interested in learning about how you can add a second layer of protection to your organization, consider RICOH Ransomware Containment.

What firms can do to protect themselves

Despite the challenges, firms can - and should - quickly address today's challenges and protect themselves and their clients from cyber threats. This is especially true for smaller firms, which are at serious risk because cyber criminals view them as "low-hanging fruit".

Organizations of any size can affordably protect themselves with enterprise-level security. Here's where to start.

Change behaviours

Empower your firm members to become your first line of defence against cyber threats. Educating them about the risks, how to spot a phishing email, and cyber security best practices to follow will go a long way toward protecting your business. There are a number of cyber security training modules on the market, many of which offer testing and reports to ensure everyone is engaged and vigilant.

Assemble your leadership and technology teams to define - in writing - policies and a plan to implement them. Policies should address user behaviour, alongside firm practices, technologies, and education to support users and protect your data.

While the specifics will vary from one firm to another, they should include technologies like endpoint and network protection. Your policies should also address basic security measures including:

Passwords - Using strong passwords is a must. Passwords should be reset often, at least every 90 days. Weak passwords remain a problem for many organizations and individuals. This is understandable given how many passwords are needed today, but it does create a security risk. Educate your employees on what constitutes a strong password, require regular password updates with alerts to remind users, and share tools they can use to simplify password management.

Use of mobile devices - If possible, firm members should not use personal devices for work-related activities. Company-issued devices should be secured with PIN codes or passwords. If a firm allows the use of personal devices, it should have a clearly communicated BYOD policy and signed consent for the installation of a mobile device manager that protects company information.

Education - Provide regular education to keep firm members informed about current phishing scams and ransomware, along with how to deal with suspicious notifications, emails and other communications in a safe way. Education is an essential part of policy to ensure everyone understands and is aware of their responsibility to secure data and maintain privilege.

Secure your IT infrastructure

With a hybrid workforce, there are a lot of technology options to stay connected. To ensure secured infrastructure, consider using the following:

Multi-factor authentication - With multi-factor authentication (MFA), you add an extra level of protection around your network and data by requiring users to verify their login credentials in multiple, independent ways. For example, you could have a user provide a randomly generated code sent to their mobile device or email address to complete logging into a system, after they have already entered their username and password.

Endpoint protection - Because of the increased risks that come with remote operations, hybrid companies should implement anti-threat systems that prevent, detect and act on potential threats. AI-based solutions such as SentinelOne use machine learning to monitor the network and immediately recognize any unusual behaviours. Once an alert is triggered, security specialists can act quickly to remediate the problem and prevent damage.

Secure traffic with VPN, firewall and switches - Implementing a virtual private network (VPN) provides employees with secure access to your network. Unless you have gone to a cloud application-only infrastructure, you must use a VPN to keep your data encrypted and your network secured. VPNs should be secured with next-gen firewalls that provide real-time reporting on threats that bypass endpoint protections. Hybrid Intelligence combines both human and machine learning to apply rules to specific applications and other functions to allow or deny traffic to flow through to the network.

To get a clear picture of your business risk and identify any gaps in your IT security, consider booking a security assessment with Ricoh.
