Blog

 
Blowing in the (solar)winds...
You are the weakest link
MFA in law firms: Panacea or thief?
Intensity Analytics Keystroke Dynamic Analysis for Windows Logons
Out of Sight, Out of Mind, Out of Business
Ambient Authentication
Atomicorp & Intensity Analytics Collaborate to Deliver Identity Assurance Compliance Across Platforms
Secured2 and Intensity Analytics Announce Strategic Data Security Partnership
The Trouble with Passwords*
Collections #1-5 and the Power of Data Aggregation
Customer experience rules the day
Take back your digital identity
Combating Digital Imposters
So, you’re the new GDPR Data Protection Officer — now what?
Intensity Analytics Meets Top Security Challenge for Social Media
The GDPR Looms
Meeting the Challenge of Trust in Teleworking
Intensity & Cohorts
Intensity Analytics Offers Teleworkers and Telework Managers a Power Tool
The Totality of Computer Use
Cost Allocation with Intensity
The Great Migration
Welcome, Anthropologists!
Snacking vs. Dining
Getting RoI out of TCO
Desktop Analytics
Telecommuting Effectiveness
How Big a Sample Set?
You’re Overspending on Software/SaaS/Databases
What’s the PU?
Intensity Analytics
| More
MFA in law firms: Panacea or thief?

by Jonathan Nystrom

The past year has seen more cyberattacks on lawyers than ever before and the problem continues to get worse. More than 80% are the result of misused login credentials, i.e. usernames and passwords. Both Microsoft and Google say that implementing multifactor authentication (MFA) can reduce your risk by 99.9%, and many law firms have taken that message to heart by implementing MFA as part of their cybersecurity program. And it’s working! Microsoft reports 20 billion attacks daily but only about 1 million successful breaches each day. That’s still a spectacularly expensive proposition when you consider that the average law firm breach costs $133,000 and that last year 25% of all law firms encountered a breach.

MFA solutions – tokens, PIN codes, biometrics, and more recently authenticators on phone apps – are pretty inexpensive, with many starting at less than $5/user/month. We wondered how practicing lawyers feel about using these technologies in their day-to-day lives. Certainly, many are grateful for the added protection that supports their ethical duty of care, protects client information, and keeps secrets hidden on a PC or a network… well… secret.

But there is a catch. A prominent technologically sophisticated partner at an NLJ firm told us “this f’ing MFA ensures that I start every day working from home in a bad mood, usually late for my first Zoom call because I can’t get the damn code entered fast enough.” An associate in a mid-sized firm in the Midwest said, “I don’t mind it, but I do usually spend 3-5 minutes going through the MFA process before I am focused and back at work. And every now and then, it’s a substantial waste of time.” And those stories are not unique: Dozens of attorneys told us they wish MFA were easier and took up less time.

Let’s look at the numbers: With a billable rate of $300/hour, a professional’s time is valued at $5/minute. If the login process consumes just 3 minutes a day, that’s a cost of $3,600 per lawyer per year. In a 100-attorney firm, that’s a staggering $360,000 missing from the drawer when it’s time to divvy up compensation at the end of the year!