Gary Wickert of law firm Mathiesen, Wickert & Lehrer (MWL) has a blog post on the firm's website about the need for cybersecurity. The post is at https://www.mwl-law.com/what-do-you-really-know-about-your-subrogation-counsels-cybersecurity/ - it's long but worth reading.
Just like a chain, cybersecurity is only as strong as its weakest link. Cyber attackers are targeting insurance carriers and law firms, and any lawyer or firm with weak cybersecurity will expose clients, insurers and other law firms it works with to hackers.
Companies have a legal duty to protect personal and proprietary information, and a practical obligation to protect themselves from a cyber breach. Law firms also have an ethical and professional duty to protect sensitive information. This duty includes having secure technology and a trained staff.
MWL "walks the walk" on cybersecurity, and Wickert details their practices at length. He presents ten questions to ask:
- How do you approach cybersecurity risk management?
- What cybersecurity framework are you using (NIST is recommended)?
- What access do you have to cybersecurity expertise?
- Do you provide specialized cybersecurity training to your staff?
- Do you have adequate anti-exploit protection for all endpoints?
- Is your network protected with content filtering, URL filtering and a properly configured firewall?
- Is your staff required to use end-to-end encryption when working remotely?
- What is your process for managing sensitive data?
- Do you have controls, encryption policies, and tracking for removable media?
- Have you analyzed your cyber insurance policy for coverage gaps?
Final question - how did you score?