CEO Jeremy Samide sums up the threats to law firms:
Law firms have become prime targets for cyber attacks as they hold many of the secrets to their beloved clients to include big organizations, CEOs, celebrities and the like. In this cyber cold war, the words “privileged and confidential” are taking on new meanings and becoming more difficult to uphold. Access to unfiltered communications, documents, contracts and signatures to inherently sensitive information is up for grabs and eventually in many cases, up for sale. Ransomware has also become a problem within law firms. Many attorneys still today believe that if something is stamped “privileged and confidential” it is immune to the bad actors who are constantly finding new subterfuges into law firms, wreaking havoc and stealing proprietary information to either exploit, destroy, expose or sell on the dark web.
In many cases, law firms that specialize in patent, trademarks and intellectual property are considered an even greater risk as they are top on the list for many state-sponsored hacker groups around the world. We have witnessed companies that have invested hundreds of millions of dollars in research and development, win patents and trademarks only to have the fruits of their labor erode over a short period of time as hackers ransacked their corporate servers as well as the servers of their law firm where most of their patents and trademarks were filed, backed by thousands of research documents.
There are viable solutions that can help protect and mitigate the risk of the next cyber attack within law firms. Stealthcare’s managed services, education & training, and threat intelligence can help with all of these.
Attacks on law firms by hackers or hacker groups haven’t been in the headlines lately the way attacks on the banking/financial industry, healthcare industry, and federal government have been. However, law firms are still targeted by hackers and other cyber threats for many of the same reasons. Law firms host sensitive client data and intellectual property (trade secrets), yet typically have shockingly weak security.
Due to the aforementioned factors, we believe law firms are the next frontier for hackers. Experts agree that many hackers view law firms as “one-stop shopping” for electronically stored information, accessing both the law firms’ information and their clients’. And law firms generally have lower security than most of their corporate clients. Law firms don’t necessarily have the latest firewalls and network security tech. They also don’t have strict cybersecurity regulators like the FDIC for the banking/financial industry, for example.
Law firms are indeed victims of cyber threats, and hackers in particular. However, individual cyberattacks often go unreported, both to authorities and the public. According to Citigroup, “it makes sense that law firms would be attractive targets given that they regularly access and store sensitive client data as part of their day-to-day operations.” According to Cisco’s 2015 Annual Security Report, law firms ranked as the “7th highest target for cyber criminals last year…2015 was the first year that the legal industry made the top ten most targeted verticals in Cisco’s report, indicating a nearly 50% year-over-year increase in the likelihood that law firms would encounter malware attacks.”
Law Firms Have a Duty to Protect Client Information; Those That Don’t Will Lose Those Clients
As law firms continue to face cyber threats while refusing to upgrade their cyber defenses, the likelihood of experiencing a cyberattack increases. As a result of poor cybersecurity implementations, “law firms will undoubtedly start losing clients as the unregulated ‘business grapevine’ starts spreading the word about sensitive data lost.” With the threat of losing clients, it’s critical for law firms to start employing better cyber defenses and protecting their client data. “Specifically, per ABA Model Rule of Professional Conduct 1.6(c), which was recently adopted, ‘[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.’ This means that attorneys entrusted with confidential or personal data are the guardians of that data.” Clients who do business with law firms generally assume that those firms have the correct cyber defenses in place to protect their data. If clients find out that these law firms, especially the smaller firms, lack the proper security protocols, their client base would diminish, which would ultimately be bad for business.