Information Security, The CFPB, and Process Serving

Mike Weaver President 360Legal

The Evolution of Information Security in Legal Services

As some of you may know, I have a background in Information Security. In the late ’90s, I was part of a dedicated team specializing in information security technology solutions for the government, primarily the Department of Defense. One of my proudest achievements was leading the initiative to engineer and deploy the first global VPN network using the commercial Internet for the U.S. Air National Guard. Today, VPNs (Virtual Private Networks) and blazing Internet speeds of 200Mbps or higher are commonplace. However, in the late ’90s, VPNs were a novel concept, and typical Internet speeds were measured in Kbps rather than Mbps—remember the days of dial-up? My point is that technology has made significant strides over the past two decades. Unfortunately, one aspect that hasn’t improved is Internet safety. As technology has advanced, so have the capabilities of the Blackhat community, which has leveraged increased bandwidth and sophisticated AI tools to amplify its disruptive efforts. Recently, those of us in the legal services industry have been reminded of the persistent threat of information security breaches and ransomware attacks.

From VPNs to Modern Cyber Threats

A decade or so ago, hackers, or BlackHats, had an abundance of targets to choose from. If you were a small or low-profile firm, you didn’t have to worry as much about Internet intrusions or ransomware; larger companies and easier targets were their primary focus. A basic firewall was often enough to deflect attackers toward less protected networks. However, the democratization of technology and bandwidth has made it easier for hackers to target large swaths of domain names and IP addresses using AI. Today, even someone with basic knowledge, a $200 laptop, or a mobile phone and an Internet connection can pose significant information security challenges for companies.

The CFPB’s Stance on Data Protection

To add to the complexity of Information Security, the CFPB weighed in on August 11, 2022 with Circular 2022-04 that asked the question: “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” As you can imagine, the answer the the CFBP provided was YES! So as an attorney, firm operations manager, or paralegal, you should be very concerned. Not only do you have the regulatory oversight of the CFPB, but consider the volume of interactions your high-volume Debt Collection, Foreclosure, or Personal Injury firm has with defendants or other civil parties over a year, five years, or ten years. Many of these interactions likely leave the defendants less than satisfied, right? Your firm deals with hundreds of defendants weekly and represents numerous high-profile banks, servicers, and commercial entities.

The Real Cost of Information Security Breaches

Imagine the impact on your business if you were hit with a ransomware attack. I’ve seen several firms go through this ordeal, and many try to resolve it by restoring the latest “uninfected” backup. But what if the hackers are smarter this time? What if the ransomware is so invasive that it infects your backups as well? How long could your operations be down? Once news of your security breach spreads, how many clients would you lose?

The silver lining is that the technology to prevent malicious attacks is neither expensive nor difficult to deploy and maintain. What is costly and time-consuming is dealing with the aftermath of an intrusion. Do you have the internal resources and expertise to fully remediate? Even if you do, how can you be sure that everything has been thoroughly cleansed? If not, what critical elements might you overlook?

Why Your Legal Vendor’s Security Matters

As we have seen recently, the unfortunate reality is that many of the vendors you rely on probably don’t prioritize YOUR information security. When was the last time a Legal Service vendor or a third-party provider discussed your information security when they began working with your firm? A typical SOP vendor might boast about their speed in serving or e-filing your documents. They might even claim to be secure as they hand you their latest SOC-3 audit results and assure you that everything is in order. But that SOC-3 Audit was from January, and now it’s almost October—are they still secure? Never mind them; you are the Client, right? What about your data? Do they have the expertise and technology to protect your information or even to secure their connection to you?

Moreover, it’s crucial to consider whether your legal service vendors, including process servers like 360 Legal, use nearshore or offshore developers in their operations. The use of such developers can significantly impact the security of sensitive document delivery. As we’ve discussed in our previous article on nearshore processing, outsourcing to foreign countries, even nearby ones, can expose your clients’ data to additional privacy risks and potentially violate compliance standards for government-backed mortgages.

360 Legal’s Approach to Client Information Security

While I can’t speak for my competitors, I can confidently tell you that 360 Legal addresses the full spectrum of information security every time we engage with a new client. No matter how you connect with 360 Legal, we ensure your information is handled securely. If use our 360 TotalView customer portal, you can be certain that all communications from your computer to our portal are encrypted and secure. Additionally, we’ve developed a secure desktop app, 360 Connect, which establishes a secure connection between the 360 Network and your network and scans for viruses and malware to prevent any malicious content from crossing between our networks. For larger firms connecting directly to our Service of Process platform, 360 Integrate can set up VPN tunnels between your network’s edge and our datacenter. Traffic inside the VPN is encrypted, ensuring a secure, private channel for data transmission between our systems.

If your legal vendor isn’t discussing information security with you, they probably aren’t prioritizing it themselves. This oversight puts you, your data, and your clients’ reputations at risk. In today’s competitive environment, can you afford to work with a vendor that isn’t secure? At 360 Legal, we are committed to keeping our clients’ data and reputations impeccable.

You, your firm, your clients, and your staff deserve better! Call Us (888) 360-5345 .