Guest post: Cyber attacks and cloud computing
The recent ransomware attack on DLA Piper should make law firms big and small look up and take notice. Whether you care to admit it or not, your legal practice is vulnerable. Hackers are becoming more aware of the wealth of data held by most law firms. They know how to find that valuable information and how to get it. They also know that most law firms don’t appreciate the threat that cyber attacks present, and are vulnerable. In fact, Cisco ranked legal as the seventh most vulnerable industry in their recent annual security report.
Fortunately for DLA Piper none of their data appears to have been compromised yet this should still serve as a warning to all firms to make sure they have up-to-date, expansive back-ups of their data that they test frequently in the event of this worst case scenario. Best practice dictates that all companies should have two backups, one onsite, and one off-site, a process made far easier by using cloud-based software.
Many firms store their client data, whether paper based or on servers, in the confines of their office and avow this to be taking reasonable precaution in protecting data when it is in fact accessible to anyone with physical access to the building. Cloud computing offers a level of security and data protection superior to on-premise solutions. Most data centres are significantly more secure than the average law firm server. In addition to round-the-clock monitoring, on-call experts and daily penetration testing, they employ strict controls on technical and physical access. One example of physical access security is the use of “man traps.” To enter the data centre, you have to pass through a door, and then verify your identity on camera with biometric controls at the next door. If you can’t then all the doors around you are locked and the police are called. Most law firms couldn’t implement this level of security themselves.
That extra level of security extends outside of the data centre. Using cloud software offers security settings that can be easily set and applied to all users, technical access controls that prevent unauthorized access with settings like automating strong password requirements, two-factor authentication, and forced password updates. Not all of these security tools are available in on premise software and implementing the few that do exist would require physically going to each computer to turn them on.
If your firm did fall victim to a ransomware attack the decision to move to the cloud should stand to you. Upon seeing the dreaded demand for a Bitcoin payment you could simply log on to your software from another device and change your password whereas with traditional software your data would be at the mercy of the hackers.
Security is not the only benefit of moving your law firm to the cloud. Cloud based software has a much lower total cost of ownership than traditional desktop based software. Many of the IT costs firms have grown accustomed to paying such as licensing, maintenance, installation, training, configuration, not to mention server costs, are all rolled into a monthly subscription which can be anywhere from a third to two-thirds less expensive than traditional software. Ease of use is also a common feature of applications native to the cloud, being browser based they tend to use controls that anyone who’s used Facebook or Gmail can pick up in a matter of minutes, as opposed to traditional software which can often involve hours of training to develop even a basic understanding of its functionality. The ability to work from anywhere on any device is also an invaluable proposition, particularly given the amount of time modern lawyers spend out of the office, yet it is one that is only available to those willing to move their practice to the cloud.
Your firm may not be the size of DLA Piper but it still holds client data of value to hackers. Unless you have the considerable time and resources required to dedicate to maintaining your firm’s IT security measures then a move to the cloud could be the best move your firm makes.
Derek Fitzpatrick is EMEA general manager at Clio, which supplies web-based practice management tools to the legal industry.