Intensity Analytics
| More
MFA in law firms: Panacea or thief?

by Jonathan Nystrom

The past year has seen more cyberattacks on lawyers than ever before and the problem continues to get worse. More than 80% are the result of misused login credentials, i.e. usernames and passwords. Both Microsoft and Google say that implementing multifactor authentication (MFA) can reduce your risk by 99.9%, and many law firms have taken that message to heart by implementing MFA as part of their cybersecurity program. And it’s working! Microsoft reports 20 billion attacks daily but only about 1 million successful breaches each day. That’s still a spectacularly expensive proposition when you consider that the average law firm breach costs $133,000 and that last year 25% of all law firms encountered a breach.

MFA solutions – tokens, PIN codes, biometrics, and more recently authenticators on phone apps – are pretty inexpensive, with many starting at less than $5/user/month. We wondered how practicing lawyers feel about using these technologies in their day-to-day lives. Certainly, many are grateful for the added protection that supports their ethical duty of care, protects client information, and keeps secrets hidden on a PC or a network… well… secret.

But there is a catch. A prominent technologically sophisticated partner at an NLJ firm told us “this f’ing MFA ensures that I start every day working from home in a bad mood, usually late for my first Zoom call because I can’t get the damn code entered fast enough.” An associate in a mid-sized firm in the Midwest said, “I don’t mind it, but I do usually spend 3-5 minutes going through the MFA process before I am focused and back at work. And every now and then, it’s a substantial waste of time.” And those stories are not unique: Dozens of attorneys told us they wish MFA were easier and took up less time.

Let’s look at the numbers: With a billable rate of $300/hour, a professional’s time is valued at $5/minute. If the login process consumes just 3 minutes a day, that’s a cost of $3,600 per lawyer per year. In a 100-attorney firm, that’s a staggering $360,000 missing from the drawer when it’s time to divvy up compensation at the end of the year!