The stakes are high for today’s firms when it comes to protecting against a security breach. Multi-factor Authentication is the best line of defense.
There is no sure-fire way to prevent a security breach, but today’s professionals in the legal industry bear the responsibility of doing everything possible to safeguard their firm, its data, and clients against a leak. Beyond the responsibility to “do your best” from a security perspective, regulations are now evolving to address security firms, providing an additional driver toward the widespread adoption of security best practices and safeguards.
Recently, the New York State Department of Financial Services, which oversees 3,900 financial institutions (banks, insurance companies, etc.), released the first-in-nation cybersecurity regulation (effective 3/1/17). The policy covers “Third Party Service Providers”. Although law firms may not think of themselves as generic "service providers", many firms fall squarely within this definition in connection with their representation of covered entities. Furthermore, despite the New York-centric language in the press release, this policy impacts regulated and nonregulated entities both in and outside of New York - companies throughout the country, and even outside of the U.S., are affected by the new regulation, as are many of the law firms that represent them. Among other security provisions included in this policy is the requirement for service providers to implement multi-factor authentication.
It is refreshing to see policy changes that reflect the need to raise the bar when it comes to law firm security practices. One of the most significant risks to law firms today is data security. Law firms are increasingly targeted by hackers because of the high-value information that they hold on their clients. Despite this, many law firms are failing to implement the highest levels of security, leaving both the firm and its clients at risk. This can lead to consequences beyond client attrition - many firms have been subject to lawsuits as a result of weak security that resulted in a data breach.
What is Multi-factor Authentication?
Multi-factor authentication (MFA) is one of the trusted security measures that help fight against remote attacks such as phishing, credential exploitation, and other attempts to hack your personal accounts. MFA adds additional levels of authentication to an account login, as opposed to single-factor authentication, where you only need to enter a username and one password.
Without your physical device, remote hackers are unable to pretend to be you in order to gain unauthorized access to corporate networks, cloud storage, financial information, etc.
Why Should All Firms Require Multi-Factor Authentication with all Legal Apps?
Multi-factor Authentication (MFA), in particular, is a must-have for law firms as part of a multi-layered approach to data security. Here are a few key reasons why MFA should be adopted by all law firms and other professional services organizations:
#1: Data breaches happen every day.
Cybercriminals are extremely effective and are constantly growing in both sophistication and volume. According to the Anti-Phishing Working Group (APWG), “The number of phishing websites observed by APWG increased 250% from the last quarter of 2015 through the first quarter of 2016.” Phishing websites today are so close to the real thing that they are often hard to distinguish from the credible brand sites that they are imitating. This means that your staff are even more likely to fall victim to a phishing campaign. MFA provides an additional layer of protection when this takes place.
#2: Passwords are not enough.
Not only are passwords lucrative targets for cybercriminals, they are often weak and easily acquired. Multi-factor authentication provides an additional layer of security beyond the password.
#3: It is your responsibility to put every mechanism in place to protect client data.
When it comes to cybersecurity, there is no 100% guarantee against a data breach. However, it is imperative to put every reasonable safeguard in place in order to best prevent an incident. This extends to any legal technology vendor that you deal with as well.
How has security factored into your vendor selection decisions? Share your experience in the comments section below.