Video conferencing has changed the game for the legal field – enabling law firms to expand their reach and expedite their meetings. This trend has also opened the door for a rapid escalation of data breaches, as cyber threat actors target sensitive and often valuable client and firm data.
For many firms, 2023 was a major wake-up call, as three of the largest law firms were the victims of cyber-attacks. The attackers exploited a software vulnerability, acquired confidential information, and demanded a ransom in exchange.
In an American Bar Association’s survey from 2022, 27% of law firms confirmed that they had experienced a cyber breach –a likely conservative estimate that has only gone up over the past year.
“I believe that 2023 was really a turning point for law firms, and for their clients as well, in terms of understanding the risks and having expectations for how information is protected,” says Geeth Kulendran, Pexip’s Enterprise Sales Director for EMEA. “In the US, for example, we even saw clients file class action lawsuits against law firms that failed to protect their sensitive data. This is serious, and the expectations regarding protecting client data are only rising.”
With video now serving as a mainstay for legal meetings and proceedings, this medium serves as a gold mine of information for cyber criminals. This has prompted many nations, particularly across Europe, to clamp down on regulation, resulting stricter compliance expectations for corporations across the continent – such as NIS2, the more broadly sweeping cyber security directive from the EU. Data sovereignty regulation, including GDPR, is increasingly pervasive for companies both in Europe and doing business with Europe, which requires organizations to take a closer look at where their data is stored and where it is traveling.
“It’s great to see that the EU and other regions are responding to the changing threat landscape we see today. This means that organizations of all types are expected to step up their risk management measures and take a more proactive approach to cyber threats – including an evaluation of the software and tools they use to do their work,” adds Geeth.
For law firms in particular, information is a critical asset that requires protection. Cyber criminals will often target the legal industry to gain access to personal information, such as names, bank accounts and personal identification numbers. Unauthorized recordings are also a key threat, as video meetings can be a source of confidential information that if exposed can cause reputational or financial damage or loss.
The information surrounding a video conference can also be targeted. This is what’s termed the “call detail record” or CDR, and it may contain data such as usernames, room names and other information that may be considered valuable.
Video meetings have boosted productivity and ease of interaction in the legal world, but law firms must be discerning in their choice of software to combat the increasing vulnerability that this tool represents. Here’s what you should consider when selecting your video conferencing solution:
“What’s key going forward is that law firms take a more proactive approach to cyber security, and that includes a careful evaluation of how their video conferencing tool may or may not represent a vulnerability for them,” says Geeth.
“In order for the benefits of video conferencing to continue to outweigh the risks, firms need to look beyond generic video conferencing platforms and land on a security-first solution that enables them to mitigate cyber risks and stay compliant, even as the threat and regulatory landscapes evolve.”
Pexip can help.
➡️ Learn more about how Pexip Secure helps law firms around the world build secure, compliant and trustworthy video solutions.