Why Cyberthieves Find Small Firms Attractive

Verizon recently released its annual Data Breach Investigations Report with interesting (though not necessarily new) findings. The 92-page report is definitely not for the faint of heart, but I’ll admit reading it required some serious technical concentration. The report was prepared by Verizon’s RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit and the United States Secret Service. The statistics are genuine and genuinely terrifying! The most relevant finding (for the purposes of today’s blog) was that smaller businesses (100 or fewer employees) were more likely than larger companies to be targeted by cyberthieves.

In the immigration practice world, the majority of the non-profits, community-based organizations and immigration boutique firms currently operating in the U.S. would be considered “smaller businesses!” Larry Ponemon, Director of the Ponemon Institute (a research think tank on data security which I’ve previously written about), is quoted in the Wall Street Journal as stating, “Small businesses feel like they’re immune from cybercrime, and they’re wrong. They are absolutely on the list of potential targets of cybercriminals.”

The Ponemon Institute reports that the average cost of a data breach to a company is $194 per record.

The Verizon report explains that the size of smaller companies makes them a prime target for cyberthieves: they typically devote their limited resources to areas other than data security and seldom employ technology experts on a regular, full-time basis to address data security concerns. Further, smaller firms might also rely on out-of-the-box technologies rather than the more robust, tailored controls that larger organizations might employ.

How does this relate to immigration practitioners?

Immigration attorneys typically fall into two camps: business managers and legal authorities.

Immigration attorneys who are legal authorities thrive on keeping up with the law.  They cull all the vast immigration legal knowledge they’ve acquired through years of practice and dispense it in various ways.  Some attorneys provide vibrant blogs, postings and tweets.  They attend various government stakeholder meetings and conferences.  They read news updates and author scholarly articles for publication.  They speak at immigration seminars and conferences.

Immigration attorneys who are business managers actively track various business processes. They assess ways the law practice can increase revenue or funding through marketing, advertising or networking. They streamline business processes by researching case management software and tracking billing. They improve client satisfaction and maintain employee harmony by managing office crises. They also manage liabilities to the practice (including data security liabilities). In short, they “manage” the operations aspect of running the law practice.

Law practices must have equal parts legal authorities and business managers in order to thrive and succeed. Particularly in firms with fewer than 100 employees (the majority of immigration practices in the U.S.), business management is critical not only to staying viable but also to significantly reducing legal and financial risks. Certainly, practitioners need not become cybersecurity experts. Software vendors who have appropriate mechanisms can assist with cybersecurity and partner with practitioners in this area. Assessing the threat landscape can also be as easy as asking the right questions:

One of the biggest recommendations from the experts in the Verizon report was for small organizations to invest in (purchase) security software to protect their data and assets. As practitioners, it’s easy to believe that becoming a legal authority will make us better attorneys, all the while forgetting about important business management issues such as cybersecurity. This is precisely the mentality that could allow cyberthieves to exploit vulnerabilities within your organization. Fortunately, it is not a zero-sum game. Practitioners can strive to be both legal authorities and steadfast business managers. If you’re reading this blog, you are well on your way. If you haven’t subscribed to our blog, please subscribe to our newsletter to get immigration practice updates.