Protecting Your Law Firm Against Cyber Attacks with Tom Lambotte
Aug 05, 2021
We all work hard to create a successful practice. We're busy generating leads, building our reputation, and providing excellent service to our clients. However, you might be overlooking one crucial component of your business: cybersecurity. Cyber attacks today have become much more sophisticated, and they're continually evolving. Thus, you cannot merely hope to avoid being targeted. You need to take action to protect your business now.
In this episode, cybersecurity expert Tom Lambotte joins us to discuss the threats we face with cyber attacks today. He discusses ransomware, phishing, and how you can protect yourself against both. Tom also shares how a lack of awareness, time, clarity, and implementation leads to weak security. Many law firm owners don't realize their need for cybersecurity until it's too late. Don't wait until cyber attacks today ruin your entire practice.
If you want to know more about protecting your business from cyber attacks today, then this episode is for you.
Here are three reasons why you should listen to this episode:
- Learn how cyber attacks have evolved and what you should look out for.
- Understand the four reasons why most law firm owners have weak cybersecurity through the Lacking Framework.
- Discover how you can start securing your business from cyber attacks today!
How Tom Started Working with Lawyers
- Tom learned about different lawyers’ needs through his consultations under GlobalMac IT.
- From his experience, Tom realized that solo lawyers and small firms usually cannot avail of security solutions due to their size.
- It’s becoming easier to set up a practice with management solutions.
- However, cyber attacks today have evolved, and lawyers don't have the security knowledge to keep their firms safe.
Security is Needed Now More Than Ever
- A decade ago, firewalls and virus software were enough. However, cyber attacks today include sophisticated ransomware and phishing scams.
- Some people think that a Mac gives them more security, but this isn’t true anymore.
- Tom attributes weak security to a framework he calls the “Lacking Framework.”
Tom: "People's measures haven't changed, but they need to. That's where they're leaving themselves exposed."
The Nature of Ransomware
- Ransomware is one type of cyber attack today where your files are held for ransom by encryption.
- Ransomware typically only affects local files. Having web-based backups can help mitigate the damage ransomware can do.
- However, it’s only a matter of time before cybercriminals figure out how to get into web-based applications.
- If your security does not improve accordingly, you will eventually be targeted and affected.
- Always have backup data, even if your files are in the cloud. Learn more about backing up your files in the full episode!
Tom: “[Cyber criminals], they've got budgets, they track ROI on what's working, what's not working, and they're constantly evolving. Unlike businesses, they don't have to follow the rules.”
How Phishing Works
- Phishing has also grown increasingly convincing.
- Phishing emails now utilize understanding psychology and social proof.
- Cybercriminals know that around 4 pm is the prime time to send phishing emails since people’s mental energies are already down.
- There are cases where attackers have the exact signatures of who or what they’re pretending to be. They even use legitimate-looking websites—even tech-savvy lawyers have been fooled by phishing emails.
Tom: “If you do routing transfers, always call and verify the routing number 100% of the time. You've got to have that process in place in your practice.”
Why People Don’t Get Insurance Against Cyber Attacks Today
- While people are becoming increasingly aware of cyber insurance policies, some don’t like dealing with insurance agents.
- People may also not understand the risk of cyber attacks today and don't see the need for security policies.
- In addition, the application process may contain many technical questions which can be intimidating.
- With no need for an application process, Security+ prides itself on making things simpler for its users.
Lacking Framework #1 Lack of Awareness
- The ABA TechReport of 2020 shows that 29% of lawyers have been breached by cyber attacks.
- If this happens, you're obligated to file a notice of data breach with your district attorney's office, which harms your reputation.
- If you don’t protect your business against cyber attacks today, your hard-earned reputation may suffer.
- Some law firm owners think that cyber attacks won't happen to them just because they're smaller. However, nothing could be further from the truth.
Tom: “Again, that landscape is changing continuously. Employees are actually one of the biggest threats. You know, most of the damage is not done intentionally.”
Lack of Awareness Leads to Inaction
- When we believe we won’t get affected, we fail to take action.
- People often reuse their passwords.
- Data breaches happen more often than we think. Compromised data is just the first step.
- This data is sold on the dark web, which criminals will use to access critical files and accounts.
- Change your password every time you suspect it has been compromised.
Tom: “If I found out that criminals had a key to my house, I would go and change the locks. I would want to know about it as fast as I can.”
Lacking Framework #2 Lack of Time
- Overwhelm is a challenge for many small firms and solo lawyers.
- What most business owners need to understand is that you can’t do everything yourself.
- Stop obsessing over what needs to be done and start thinking about who can do it for you.
- Before we master anything, we need to master our time.
Tom: “You must become a master of your own time. You can accomplish a million times more if you stop asking how and start getting who’s.”
Lacking Framework #3 & #4: Lack of Clarity and Implementation
- The cybersecurity industry has so many solutions, so it's easy to get overwhelmed.
- No one solution can give you maximum protection; security is all about building multiple layers.
- This lack of clarity will often lead to a lack of implementation.
- If you're not confident with what you're doing, it becomes too easy to do nothing. Inaction puts you at risk.
What Security+ Offers
- Tom shares the eight security layers of Security+.
- These are cybersecurity training, security templates, dark web monitoring, phishing training, proactive monitoring maintenance and patching, insurance policies, and team-based password vault.
- The base price is $97 with an increase of $49 per user, making the service perfect for small firm owners.
- Learn more about the benefits of having Security+ for your firm in the full episode!
Don’t Wait After An Attack
Moshe: “You owe it to yourself to make sure that you're protected so that you don't end up falling victim to this.”
- Cyber attacks can harm your finances and reputation. Take preventive measures now.
Tom: “Don’t wait until it happens. 29% of lawyers that have been breached, the odds are not in your favor. So you got to do something now.”
Tom Lambotte is the founder and CEO of Security+, the first and only comprehensive cybersecurity solution built and curated for solo and small law firms. He is also the founder and CEO of GlobalMac IT, a firm specializing in supporting law firms that use Macs.
Tom helps law firms grow efficiently through effective management. He provides leadership and direction to transform law firm operations, boost profitability, and reduce the risk of getting hacked by leveraging technology. Tom’s methods are based on over 15 years of research, testing, and real-world refinement of best practices working directly with solo lawyers and small to medium-sized firms.
Tom is also the author of Macs in Law, an excellent guide to helping lawyers use Mac effectively. He also wrote Legal Boost: Big Profits through an I.T. Transformation and Hassle Free Mac IT Support for Law Firms. His works have also been published in numerous leading legal publications, including Attorney at Work, Law Practice Today, and Solo Practice University. His weekly vlog Stupid Simple Security Tips is read by thousands of lawyers and provides simplified recommendations to help stop law firms from getting hacked.
Interested to know more about Tom’s work? Visit GlobalMac IT and Security+.
Connect with Tom: Email | LinkedIn | Twitter
Enjoyed this Episode?
If you did, be sure to subscribe and share it with your friends!
Post a review and share it! If you enjoyed tuning in, then leave us a review. You can also share this with your friends and colleagues so that they can gain more insights into how to protect themselves from cyber attacks today.
Have any questions? You can contact me through Facebook and LinkedIn. To request a show topic, recommend a guest or ask a question for the show, please email [email protected].
For more episode updates, visit my website. You can also tune in on Apple Podcasts.