Information To Protect What You Grow

Law Firms Remain a Prime Target for Cyber Criminals

Written by Jeffrey Forbes | Feb 14, 2019 2:00:00 PM

The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from which the information was stolen. Apparently, the ransom was paid, but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.

Law Firms Are A Favorite Target For Cyber Attacks
Law firms are uniquely vulnerable to cyber attacks. They possess treasure troves of highly valuable confidential information. This makes them high-profile targets for certain kinds of hackers, especially those allegedly interested in cyber espionage (be it business or nationally oriented) or the exposure of embarrassing information. At the same time, lawyers constantly need to communicate sensitive information to clients and third parties, including sharing a large number of electronic documents. This increases the possibility of accidentally granting a hacker access to your system, and it increases the possibility of island hopping, where a hacker gains access to a target by first hacking a trusted partner of the target. For these reasons, law firms have consistently risen up the ranks of industries most targeted by hackers.

Law Firms Are Usually Behind In Cybersecurity Technology And Practices
At the same time, law firms have often lagged behind other industries in aggressive cybersecurity management. American Bar Association surveys have often shown that fewer than half of law firms engage in basic cyber security protocols like encrypting emails or using disaster recovery technology. Only 26% of law firms report having an incident response plan. Yet the number of law firms reporting a data breach increased by 25% last year. And only 26% have some form of cyber liability insurance.

Law Firms Have A Duty To Their Clients To Keep Their Data Safe
Given the sensitive nature of their work and the ethical requirements related to maintaining confidentiality, law firms need to do a better job of protecting their cyber infrastructure. Incident response plans are easily scalable to the size of the firm. Employee training can also go a long way toward increasing a company’s cyber security. Simple steps like encrypting emails and hard drives make it far harder for outsiders to gain access to third-party information. And cyber insurance is available as an add-on to many attorney malpractice policies for a small added cost.

Clients Need To Be Careful How Sensitive Data Is Transferred To Their Lawyer
As for clients, they need to do their due diligence to ensure the firms they work with are taking the necessary precautions to protect sensitive data being turned over to attorneys. High-profile clients have started to move towards including cyber security requirements as part of their retainer agreements. Protecting client information has been part of a lawyer’s job for centuries. The invention of the computer and the internet has not changed that.