The legal industry is facing its most challenging obstacle to date, and it’s not from judges, court cases, the mafia, felons or any of those things you might guess. Instead, the attacks against law firms are coming from hackers. Once viewed as impenetrable to hackers, today’s law firm is just about as likely to be hacked as any other business.
“Law firms are the subject of targeted attacks for one simple reason,” John Sweeney of LogicForce recently said. “Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”
His comment highlights a growing problem for the legal industry. Each day, law firms are faced with new and practically unstoppable cyber-crimes. One of the most startling aspects of this troubling trend is that many times, the law firm doesn’t even know it’s been hacked. A 2016 study done on this topic showed that 40 percent of the law firms that were breached had no idea that a crime had been committed. This is disturbing on several levels.
If you’ve recently done business with a law firm, there is a possibility that your business, personal and/or financial information could already be in the hands of hackers on the other side of the world.
A global problem for law firms
The fourth largest law firm in the world, Mossack Fonseca, lost 11.5 million files from its database. The information was eventually shared with journalists, the BBC and newspapers. This offshore law firm specializes in helping wealthy clients hide their money. The documents that were leaked contained highly sensitive information about wealthy clients and their offshore tax schemes.
Mossack Fonseca’s client base also included national leaders and well-known politicians. The documents that were leaked held clear evidence of how and where large amounts of money were hidden by illustrious leaders like Vladimir Putin. Embarrassing revelations were made public, such as how the father of British prime minister David Cameron had been avoiding paying taxes in Britain for many years. Any law firm would find it difficult to recover from such a devastating breach of security.
Solving the problem
For most companies that are breached by cyber thieves, the recovery process begins with contacting those who were affected while stopping any other data leaks. With law firms, this process usually begins with helping the firm find out whether it has already been a victim of a cyber-crime. This requires experts in cybersecurity who will run a series of tests looking for specific anomalies. Once they find out whether data has been lost, the experts will recommend a course of action. This typically includes securing the data so that no other intrusions will occur, while notifying those who were affected.
Law firm hacking on the rise
In spite of all the hype about hacking and cyber-security, a new report says that 14 million businesses were, in some way, affected by cyber-crimes last year. The experts believe that the reason the number is so high is that most small business owners do not believe they are at risk. This is also true of most law firms. They simply think they are exempt from data breaches. This leaves them even more at risk because they are unprepared.
Senior attorneys don’t fully understand how hacking is done and what types of weaknesses a hacker looks for. The principals at a law firm are often not up to date on the latest techniques that hackers are using. This leaves them defenseless. If you want to defeat an enemy, you must first learn everything you can about that enemy. Very few people, including attorneys, understand the science behind hacking.
In addition, lawyers use a wide range of devices from smartphones to laptops and desktop computers. Each device is a potential gateway for cyber-thieves to enter and steal information. With the Internet of Things (IoT) now growing, even appliances in the break room can be hacked.
The recent rise in law firm breaches proves that professionals are still not fully aware of the dangers lurking around us on the internet. Attorneys may be reluctant to spend the money and time on a security team that will come in and create the proper security protocols. But waiting to see will place all customer data at risk. Clients often tell their attorney sensitive information whose exposure could harm them in many ways. A data breach is embarrassing and hard to explain to those clients who have entrusted you with personal information.
Preparing for data breaches
A good place to start for a law firm that does not have proper security in place is the American Bar Association’s guide. This comprehensive document includes a great deal of information about preventing cyber-attacks. It also addresses ways to respond once an attack has occurred. Employees should be trained about phishing attacks, and this training must be ongoing because the methods that hackers use evolve with each new attack.
The managers at a law firm can begin by engaging an outside IT security expert that specializes in legal data. The team of security experts will assess your current level of protection against intruders, then recommend new initiatives. They should institute a regular training program that teaches employees how to spot phishing attacks in emails. Even trained employees may get careless, but continual training helps everyone to remember how important it is not to click on suspicious links or give away passwords.
What a law firm can do today
Many law firms are also writing their own policies about password protection, log-in credentials, and web-surfing. Once you have policies in place that your employees are aware of, you can begin to enforce them and this will help to eliminate threats. Your onsite IT people should be checking weekly for patches and updates to software. New updates should be downloaded as soon as possible.
Regardless of the time and expense of these security initiatives, the alternative could be devastating. One of the most important assets a law firm has is its reputation. Once a data leak has occurred, it’s too late. Legal professionals must do everything possible to prepare and prevent these leaks.
There’s every reason to believe that this digital age will continue to expand across the world. Businesses and the legal industry are facing unprecedented challenges for the future, but there are solid remedies that work. It all begins with realizing how vulnerable you are and how important it is to protect your clients’ information. Regardless of the cost, the alternative is just too costly.