Part One of this series focused on the immediate risks law firms face from hackers, and the potentially devastating harm a single cyberattack can cause. Now we turn to some common assumptions and errors that law firms make in considering cyber issues.

Often, when a cyber breach reaches the news, it is because something bad has already happened. Some cyberattacks may be unforeseeable, but there are common mistakes made by many in responding to attacks. There are opportunities to learn from the mistakes made by other firms and attorneys, and avoid similar issues in the future.

Focus on Prevention

Many law firms develop plans for what to do once a cyberattack happens. However, it is just as important for firms to focus on prevention of attacks. Notably, preventing a cyberattack is not solely an IT issue, but is also a risk management issue.

Firms that have successfully prevented cyber breaches have generally followed four key steps. First, some law firms have implemented a cyber security program incorporating some common elements, such as anti-virus protections, firewalls, secure connections, and requiring passwords for mobile or desktop devices.