Skip to the main content.
What Size Law Firm Are You?

We've crafted solutions tailored to your firm

Insurance Glossary

The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.

← Blog Home

Great Law Firm Cybersecurity Without Breaking the Bank

5 min read

Great Law Firm Cybersecurity Without Breaking the Bank

Has Your New Year’s Resolution to Up Your Cybersecurity Game Turned to Dust?

Don’t let that happen! There’s plenty of time in 2024 to address your cybersecurity posture and meet your ethical duty to protect the confidentiality of client data. That means preventing unauthorized access. The number of law firm data breaches rose significantly in 2023, therefore requiring particular vigilance when addressing cybersecurity. It didn’t help that the class action law firms began going after breached law firms last year. That has intensified the resolve of law firms to up their cybersecurity game.

However, enhancing cybersecurity is particularly challenging if you are not a large firm because funds available for cybersecurity are often limited. So where should you invest your hard-earned dollars? Our expertise is in providing budget-friendly solutions for those firms who don’t have the luxury of spending vast amounts of money on cybersecurity. We’ll give you a few suggestions for the best cybersecurity bang for your buck.

New call-to-action

Use MFA Everywhere!

Going once. Going twice. Going three times. The winner is MFA (Multi-factor authentication). MFA is by far the top choice among all our recommendations. According to Microsoft’s analysis of real-world attack data, implementing MFA reduces risk of compromise by 99.2%. Considering that MFA is generally a no-cost solution, implementing it is a no-brainer.

Put simply, MFA is another factor used to log on to an account or access a service. The default MFA for most systems is delivery of a code via SMS text message. In other words, you log on (step one) and a code is sent via text to your phone. You then enter the code to the system (step two) to complete the logon process.

Of all the MFA delivery mechanisms, SMS text is the least secure. Even though it is not as secure as other delivery methods, it is FAR better than not having any MFA at all. So if text is your only choice, use it. A more secure method is to use an authentication app (e.g. Google Authenticator, Microsoft Authenticator, Authy, Duo, etc.) that generates a code every 30 seconds. Instead of entering the code received in a text message, you enter the code that displays in the authentication app. If you have a choice between text messages and an authentication app, choose the app. An even more secure method is to use push notifications to the authentication app. Finally, the most secure MFA method is to use a physical token such as a YubiKey.

We know some of the language about MFA is foreign, especially to solo/small firm attorneys, but a little research online will quickly help you understand MFA and how to implement it. Guidance from whomever provides your cybersecurity support is recommended.

Recovering from the Nemesis That is Ransomware

In addition to death and taxes, one more thing you can count on is the continuation and escalation of ransomware attacks. According to the Verizon 2023 Data Breach Investigations Report, ransomware was involved in 24% of data breaches. The attacks may not specifically target your law firm but may be introduced via a supply chain attack. In other words, you may be compromised because of some product or service you use in your practice. Bottom line…maximizing your ability to recover from a ransomware attack should be at the very top of your cybersecurity budget.

Making sure you can restore your data following an attack is key. The whole point of ransomware is to encrypt your data so that you pay a ransom to get the decryption key in order to make your data accessible again. If you have a good backup to restore from, then you won’t have to pay a ransom for a decryption key. Just restore the data and you’re back in business. 

Today’s problem is that current ransomware attacks look to destroy your backups so you can’t restore the data. This means you need to engineer your backups to be resistant to ransomware. There are many ways to accomplish this, but we’ll concentrate on lower cost alternatives for smaller firms.

A lot of solo/small firm lawyers use external USB drives to backup data. External USB drives are a cost-effective way to have good backups. However, you should have at least two drives and make sure you disconnect them from your computer once the backup is completed. If the drive is connected, it may get encrypted by ransomware.
In addition, sending backup data to the cloud (e.g. Carbonite, Mozy, Backblaze, etc.) should also be considered. Even in the cloud, you need two backups, one of which is not connected to your network – it’s a piece of cake for attackers to destroy backups that are connected to your network.

One last item to consider when designing backups to be ransomware resistant is immutable storage. Basically, immutable data can’t be changed or deleted for any reason for some designated time. The ability to have immutable data is most commonly found in cloud backups. You can set an expiration date after which the immutability is removed. 

EDR, XDR and MDR – If They Don’t Ring a Bell, Read Carefully

Cybersecurity is often an incomprehensible alphabet soup. We fully understand that the header above is headache-inducing. Read this portion of our article slowly because it is invaluable in protecting your data. One best bang for the buck is the new breed of security software known as Endpoint Detection and Response (EDR). You may also see the software marketed as Extended Detection and Response (XDR) or Managed Detection and Response (MDR). EDR is the next generation of endpoint protection and uses advanced technology such as artificial intelligence, machine learning, heuristics, etc. to analyze activity and take the appropriate action when suspicious activity is discovered. For example, transferring a file from the internet without any human interaction might be suspicious causing the EDR software to stop the transfer and/or quarantine the downloaded data.
EDR software is particularly effective in combating ransomware. When files begin to be encrypted in a systematic way, the process can be terminated, and the offending programs quarantined to prevent further activity. EDR can go even further and automatically disconnect the computer from the network to prevent spreading malware to other systems. Some EDR software can also roll back the computer to a known good state (e.g. 10 minutes before the ransomware attack).

There are many affordable EDR solutions that fit the budgets of small and midsize firms. You should be able to implement quality EDR software for around $10-$15 per endpoint per month. We highly recommend implementing EDR software for all your endpoints. Cyberinsurance companies are increasingly asking about EDR in your environment. EDR may even be considered an ethical requirement, especially since it is so affordable and a very reasonable solution to protect your data from ransomware attacks.

Zero Trust: A Future You Cannot Avoid

Finally, what other cybersecurity measures should you be taking in 2024? The short answer is Zero Trust. Firms should be budgeting for and implementing a Zero Trust Architecture (ZTA). Zero Trust means just that. Trust nothing and verify everything. ZTA is an architecture and not a “thing” you purchase off the shelf. The focus of ZTA is to verify the identity and access of every device and every person.

Perimeter security no longer works. We can’t put a “wall” around all our devices and data anymore. We are much more mobile (e.g. a hybrid workforce) and increasingly use more cloud services. This means we must authenticate every access whether it is internal or external. In addition, we need to periodically re-authenticate access since there may be a compromise after initial access. In other words, assume the network or endpoint is compromised.

Implementing ZTA will take some time and it needs to be planned. The best approach will be to implement portions of ZTA over time. MFA is a good starting point to begin your ZTA journey. The key is to implement changes that enable your workforce to be secure without a lot of pain points – and as you might expect, they will moan and groan anyway.

Final Words

If you can’t afford to take reasonable steps to secure your data, you sure as heck can’t afford to be the victim of a data breach!

Sharon D. Nelson, Esq., is the President of Sensei Enterprises, Inc., a digital forensics, cybersecurity and information technology firm in Fairfax, Virginia. Ms. Nelson is the author of the noted electronic evidence blog, Ride the Lightning and is a co-host of the Legal Talk Network podcast series called “The Digital Edge: Lawyers and Technology” as well as “Digital Detectives.” She is a frequent author (eighteen books published by the ABA and hundreds of articles) and speaker on legal technology, cybersecurity and electronic evidence topics. She was the President of the Virginia State Bar June 2013 – June 2014 and a past President of the Fairfax Law Foundation and the Fairfax Bar Association. She may be reached at

In 2022 Supply Chain Security Needs to Be Top of Mind

4 min read

In 2022 Supply Chain Security Needs to Be Top of Mind

As we begin a new year, it’s time to reflect on the strengths and weaknesses of our cybersecurity posture. Now more than ever, it’s important to...

Read More
How to Create a Data Security Plan

1 min read

How to Create a Data Security Plan

The belief that a computer or network breach is a ‘when,’ not an ‘if’ is practically dogma now. Given this reality, every law practice, regardless...

Read More
Rethinking Your Backup Strategy in Light of Ransomware Threats

3 min read

Rethinking Your Backup Strategy in Light of Ransomware Threats

(Updated May 19, 2023) You’ve got a very serious problem on your hands should your firm’s computer network ever become infected with ransomware,...

Read More