Human error remains the Achilles’ heel of cybersecurity at law firms and medical practices.
As a partner at Internos, I’ve had the privilege of working with legal professionals, and I’m eager to discuss this vulnerability and how law firms and medical practices can fortify their defenses against potential legal consequences.
Understanding Human Vulnerability
Human error is something we have to think about. We are not perfect. We make mistakes. We’re emotional beings and sometimes we’re not at our best.
People, processes and technology determine your level of cybersecurity. When you have amazing tech and don’t have the technical know-how to use it, it’s like having an 800-horsepower car but you never drive more than 20 miles per hour.
Processes determine your level of organizational security, and combining them with your people and your technology is how you get the best out of all three elements.
Balancing Accessibility and Security
Achieving a balance between accessibility and security means not taking for granted or making any assumptions about your technology and processes.
Many small business leaders like to think cybercrime won’t affect them. Unfortunately, that belief is challenged when they or someone close to them is targeted.
Here’s the reality: Nothing is more secure or less secure than anything else. Every system has to be properly configured and maintained.
PII and Leveraging Technology
The number one thing law firms and medical practices need to focus on is protecting PII (personally identifiable information). Ask yourself, “Where do we store and how do we share PII?” That leads us to focus on where you need hardening for protection.
You can follow all the standard practices like updating, multi-factor authentication and SaaS tools, but you need to make sure everything is properly configured and figure out who is accessing what.
Ask yourself, “Am I exposing more than is necessary?” It would be easy to say there’s a one-size-fits-all solution, but because all environments are different, things are used differently, and for many other reasons that aren’t always logical, security solutions must be customized.
The Current Cybercrime Landscape
The number of cyber incidents and the damage they cause have changed drastically, and cybercrime has gone up exponentially in the past three years. You should make sure the premiums you pay out for cyber insurance will give you coverage in the event of an incident.
We, as technology providers, owe it to ourselves and our clients to better educate them on how things have changed. That’s why we take the time to talk about the latest threats with our clients and with others in our sphere of influence, like readers of this magazine.
Cultivating a Security-Conscious Mindset
The biggest failure anyone can have is thinking cybercrime won’t happen to them. It’s also a challenge when business owners are afraid or embarrassed to admit that they’ve been a victim. As experts in this field, we know these crimes are under-reported.
If people were more open and honest about when things were going wrong, everyone would be more prone to safeguard against these types of incidents, proactively instead of reactively. The strength of a law firm or medical practice’s cybersecurity is not just a matter of protecting PII but also a testament to its commitment to client trust and professional integrity.