Secure Email for Law Firms during Cyber Attacks

Print PDF

By Gerry Riskin

At the time of writing this, I have just survived a Category 5 hurricane that directly hit the island upon which my wife and I reside. It was life-threatening but we are safe and sound. Nonetheless, there are many things we now know that we should have done to prepare in advance, in order to make the aftermath easier.

A cyber attack on your law firm is the equivalent of a direct hit by a Category 5 hurricane. Suddenly, your systems are compromised, and they are either partially or completely disabled. You are unable to communicate safely internally to your team or with your clients. As a result, your operations are brought to a standstill. Your vulnerability exists whether you are a global giant law firm or a small boutique.

Even though law firms are designed to avoid risk and to find remedies for risk when it rears its ugly head, ironically, when it comes to cyber security, law firms are quite vulnerable. Recent events are a great reminder to me of the value of planning ahead.

Hushmail is a global company that provides a secure email service. They were recently contacted by a Fortune Top 100 company to design an alternative email system that would help in the event of a cyber attack or other disabling disaster.

The Hushmail service is uniquely suited to help in this situation – firstly because of the inherent security built into the system, ensuring confidentiality, and secondly because it can be configured in advance to be completely independent of an organization’s IT infrastructure and therefore immune to a disaster. As a result, when needed, the system can be used by you to communicate securely with confidence as you mitigate the impact of your disaster.

The service is highly configurable so there are many ways it can be adapted to your specific needs. The basics on how it works are as follows:

  1. First of all, you chose a domain to use for your email addresses. The chosen domain will be used exclusively by the users of the alternate email service. For example, if your law firm is called ABC then your secure domain might be ABCsecure.com.
  2. You create your email addresses, for example john.doe@abcsecure.com. The accounts remain active and available until needed or tested as part of your disaster-preparedness.
  3. The service is web-based, and can be accessed anywhere with any modern browser, or by using the iOS app. This lends itself to use by geographically dispersed teams.
  4. One clever little twist is that the service is configured to prevent data leakage, meaning that no one can send email to users who are not on that system (unless specifically permitted to do so). That means that a member of the leadership team cannot inadvertently send an email meant for managing partner Phil Smith to a different “Phil Smith” because of the auto-population of an address field.
  5. Depending on the size of your law firm, you might identify the key team members that need the ability to communicate securely in the event of a disaster. You would configure the service with those users in mind. However, the scale of the event you are dealing with may require expanding its use. The service is a fully functional email service, allowing your practice to provide temporary email accounts for your entire team quickly, as well as a means to import the data into to your systems when needed.

In summary then, the moment a member of the law firm’s leadership team suspects that the integrity of the firm’s privacy has been breached, that individual can safely and securely communicate with some or all of the remaining leadership team.

Why Your Firm? Why Now?

Q. Why should your firm be interested in such a system?

A. With the growing number of cyber attacks against law firms (and their clients), it is only a question of time. It is not “if,” but rather “when.”

You might suspect that an emergency system like the one I have described would cost a small fortune. In fact, such a system is quite affordable.

If you’re interested in pursuing this option, contact me personally. For transparency: I have no shares in Hushmail but consult to its executive team. I can assure you that they are one of the most long-standing and reputable providers of secure email in the world.