- Professional obligations to maintain confidentiality and privacy cannot be outsourced to IT providers and Managed Service Providers (‘MSPs’).
- Be proactive in understanding your practice’s cyber security profile – do not regard it as a ‘set and forget’ issue.
- Consider obtaining external help to identify cyber/IT risks where appropriate.
Information Technology, or IT, can increase a law practice’s productivity, enable higher quality services and facilitate client introductions and engagement. It is imperative, however, that law practices are aware of the inherent risks associated with IT, as financial and reputational damage due to hacking, data loss and other adverse events has put some legal practices out of business.
For example, if your practice relies on email for communication, your business is potentially exposed to phishing, business email compromise fraud, payment redirection scams and ransomware. In more sophisticated cases, hackers can impersonate you and your practice to your clients and email them fake invoices, or bogus payment directions.