Most people have elevated stress during the holiday season — work, travel, family, money, time. And holiday stress can make people inattentive, tired, frustrated, and willing to take short cuts, especially when it comes to computer and Internet use. This is when mistakes happen. It’s when we decide to evade policy by emailing work home or by using the unsecured airport Wi-Fi because our plane is delayed. It’s also when malicious acts of information theft, sabotage, and fraud can more easily occur and go undetected.
According to a recent survey, insider threats — as opposed to outside actors — can account for nearly 75% of cyber incidents. These incidents occur because of the actions of employees, suppliers, customers, and previous employees. Law firms are not exempt, particularly small to medium size firms. In fact, smaller firms typically have fewer resources to devote to cybersecurity and use more outside suppliers.
End-of-year activities for law firms also make them especially vulnerable to insider threats, whether inadvertent or malicious: the push to bill and collect for more hours, time-sensitive legal matters that must be resolved before the end of the calendar year, attending to year-end tax accounting, case and client review, bonus calculations. Lawyers and their staff feel the strain of extra hours, looming deadlines, and sometimes contentious clients at the same time we all feel holiday pressures at home.