Cybersecurity Requires an Incident Response Plan
MATTHEW L. WEISKOPF
Law firms continue to increase their focus on cybersecurity, but according to the American Bar Association’s (ABA) latest Legal Technology Survey Report, only about one-third of respondents have an incident response plan. As the ABA notes, all law firms need tailored cybersecurity programs and having an incident response plan is a critical part of such programs. This blog looks at how a law firm’s response to a data breach will go a long way toward mitigating — or exacerbating — financial and reputational costs.
Why Your Law Firm Needs a Plan
Law firms are vulnerable to both internal and external incidents. Whether it is an attorney losing a device containing confidential information, an administrator falling prey to a phishing or ransomware attack, or a hacker targeting the firm, the consequences can be devastating.
That is why your law firm needs to establish a formal plan that outlines procedures to stop the breach and restore affected systems. A structured response will prove much more effective than an ad hoc, heat-of-the-moment response. For example, imagine the time and expense that will be saved by having the contact information on hand for the qualified (and insurer-approved) vendors you need to effectively respond.
Where to Start
The first step is to assemble an incident response team (IRT). According to the Ponemon Institute’s 2019 Cost of a Data Breach Report, the formation of an IRT reduces the total cost of a data breach by an average of $360,000, from the mean cost of $3.92 million. The team must, of course, be equipped with the talent, authority and tools it needs to achieve such savings.
Ideally, an IRT is cross-disciplinary, with representatives from areas including management, IT, human resources, finance/accounting, marketing and client relations. Assign each department specific roles and responsibilities in the event of a crisis. It is best to designate two representatives from each department to increase the odds that someone will be available when an incident occurs.
What to Include in the Incident Response Plan
You can base your plan on reputable standards, such as the National Institute of Standards and Technology (NIST) framework, considering your state’s relevant laws, regulations and ethics rules.
Regardless of the model you follow, your incident response plan must cover a range of issues, including:
- Incident Reporting and Confirmation
Establish a mechanism for attorneys and staff to report suspected incidents. Give the IRT the authority and flexibility to promptly respond to reports in order to determine their validity.
- Investigation/Mitigation of Loss and Business Disruption
Forensic consultants can help your firm find the source of a breach and respond appropriately (for example, by quarantining affected devices, systems and servers). While loss mitigation and the return to normal operations are paramount, evidence preservation for prosecution purposes and the protection of attorney-client privilege also are essential considerations.
Mandate testing and validation of all systems before they are restored to use. Putting this requirement in writing will make it easier to resist the pressure to restore systems prematurely, which could lead to further damage.
Failing to comply with the strict statutory notification requirements (while also adhering to ethics rules) can lead to stiff penalties and other repercussions. Notify the relevant insurers as soon as possible, as well, to avoid forfeiting coverage.
Ponemon reports that the formation of an IRT, combined with testing of the plan (for example, in tabletop exercises), reduces data breach costs more than any single security process.
- Review/Lessons Learned
Have the IRT conduct a post-mortem after any incident to determine what went right and what went wrong, and then revise the incident response plan going forward.
An Ongoing Process
With many employees working remotely due to the COVID-19 crisis, cybersecurity is more important than ever. Remember, drafting an incident response plan is not a one-off task. Cyber threats evolve constantly and firm operations and personnel change, making it important to have your IRT meet and update your firm’s incident response plan regularly.
Why Correct Contact Data Is Critical During the COVID-19 Crisis
CHRIS FRITSCH AND JULIE O’CONNOR, CLIENTSFirst Consulting
As the COVID-19 situation is rapidly unfolding, it has never been more important to be able to effectively communicate and maintain relationships with your core constituencies – but this can be challenging. We are hearing from firms across the country that are working frantically to issue relevant guidance to clients and key contacts, but many are struggling due to the quality of their data. Having correct, current and complete contact data is essential to all businesses. But times of crisis such as these, where conditions are constantly evolving, necessitate sending time-sensitive and sustained communications as well as focused outreach to provide essential information for clients and contacts.
Underpinning the success of effective communication is a realization that correct contact data is critical. Dated, incomplete or inaccurate contact data can undermine the process, increasing the time it takes to disseminate critical information. Additionally, without accurate contact information, the time and effort spent researching, writing and producing important information for your clients or contacts will be wasted if it doesn’t reach the intended recipients.
The scope of the problem is significant. Some statistics show that, without regular attention and maintenance, up to 30 percent of data degrades each year. So, if you haven’t been diligent in regularly maintaining your contacts, lists and other data, you may find yourself unable to get your message out to your key audiences.
Right Message, Right Audience
Complicating the communication situation, recent reports indicate that organizations are currently seeing more than a 100 percent increase in email traffic during this crisis. Understandably, many are trying to provide ongoing access to relevant information for their clients and other contacts as the crisis continues. However, it is vital to be sure to communicate the right messages to your clients and other key audiences.
Specific individuals may have different concerns, and certain industries or areas may be experiencing different impacts from the pandemic, so it’s important to tailor your information to the needs of each audience and to differentiate your message to ensure that it will be impactful during the email deluge.
Firms that have maintained a consistent and sustained commitment to regularly cleaning and enhancing their data are better able to successfully target their contact lists by location and/or job title and segment their company lists by industry and/or geography to ensure that their messages are appropriate to the unique needs of each individual or company.
What to Do Now
If you are finding that poor data quality is hindering your ability to communicate effectively, there are a number of steps you can take to enhance the deliverability and impact of your eMarketing:
- Test Your Lists
Email and event marketing lists can quickly and easily be put through an automated validation process before attempting to send communications. Rather than trying to manage a large number of bounced communications that did not reach recipients, this process will allow you to update contact information in advance of sending your email campaign to ensure that most of your messages get delivered.
- Regularly Research or Remove Bounces
After each campaign or send, if you still have emails that bounce, try to identify those contacts’ current information and update it so that future communications will reach them. If you don’t have the time or resources for this research, the bounced contacts should be removed from all mailing lists to avoid resending additional emails to them. Repeatedly mailing to bad email addresses can cause your firm’s online email sending reputation to be tarnished, and your communications could be blacklisted by organizations that track and report on email spam.
- Clean Your Data
There is no substitute for a regular routine of automated data cleaning and manual data stewarding by trained professionals to keep your most important contact lists up to date. If you don’t have the internal staff to tackle this job, full- or part-time outsourced data quality professionals can be hired quickly and inexpensively for limited or ongoing data quality projects.
- Leverage Technology
Enterprise Relationship Management (ERM) systems can be used to regularly update contacts using presumptively current and valid information captured from the signature blocks of emails. Regular review by a trained data steward is essential to update this information across firm systems. Additionally, statistics show that today only about 25% of a professional’s contacts are added to their address books. An ERM system will help you to capture and deliver the remaining relevant new contacts into your CRM so they can be added to communication lists. These systems can also help identify the professionals in your organization with the strongest relationships with those contacts, and certain eMarketing systems will even allow you to send emails on your professionals’ behalf, thus increasing open rates.
- Reach Out for Assistance
Don’t go it alone or try to reinvent the wheel. There are a number of places you can go to research data quality, and there are numerous trained experts you can reach out to for help. The Data Quality team at CLIENTSFirst is always happy to share information, ideas and best practices for data quality success. Please contact us if we may be of service.
Another Important Message
The need for timely communication during a crisis clearly underscores the importance of reliable data. Hopefully, organizations will remember the lessons learned and commit to making sure their data quality is maintained long after this crisis has passed.
Perhaps even more important to remember is that the current demand for accurate and timely information is married to the stronger-than-ever desire to stay connected as individuals. With social distancing continuing, the need for a personal connection becomes more important than ever – and your communications and messages should take that into account. Take the opportunity to deliver important information and make a personal connection – and you will be remembered.
If you need help with CRM or Data Quality or require extra staff to assist with a higher volume of data or communications, please contact Chris Fritsch or Julie O’Connor at 404.429.9914 or visit clientsfirstconsulting.com.