Spurred on by rules requiring greater expertise in lawyers’ use of technology, bar associations spend an increasing amount of time educating their members about cybersecurity best practices. But what do bars themselves do to protect their own email, member data, and other confidential information? After all, most are small- or medium-sized organizations that are subject to attack just like other businesses.
“We take a shotgun approach, in that we try to cover all our bases,” says Jason Cecil, chief technology officer at The Missouri Bar. “In the old days, you used to focus on your perimeter. These days, you’re focusing everywhere: outside your perimeter and inside it.
“The only real way to do that is through an overall security strategy. It’s something that has to be documented, where you map out all the areas that you have to protect.”
Cecil cited measures such as stronger firewall hardware and software, greater protection against malware, and email encryption as some of the ways his bar has upped its security game. He also noted a key element that other IT professionals interviewed for this article put at or near the top of the list: making sure bar staff knows how to handle phishing and other attacks directed at them, mostly through email.