We Provide Representation in Pennsylvania
We Provide Representation in New York
We Provide Representation in New Jersey
We Provide Representation in Florida
We Provide Representation in West Virginia
We Provide Representation in Delaware
We Provide Representation in Maryland

Law Firms are Prime Targets for Data Breaches and Cyber Theft

MSZL&M is serious about our clients’ data security.

Cyber theft is on the rise, and law firms, with minimal cybersecurity defenses and a treasure-trove of sensitive and confidential data, are the latest targets. While the majority of high-profile data breaches have targeted financial institutions, retail establishments, and medical providers, breaches and security concerns have recently increased for law firms.

Sensitive and Confidential Information

Law firms typically create and store a broad range of confidential, sensitive and important information on their own clients, as well as information relating to their clients’ competition and opposing parties obtained through discovery. This data includes personal identity information such as social security numbers and dates of birth, financial and medical information, as well as corporate policies, transactions, plans, and other trade secret data. This confidential information makes law firms attractive targets for cyber thieves. 

Easy and Efficient to Hack

Through one attack on a law firm, a cyber thief can obtain various types of information more efficiently than hacking separate financial, medical and corporate targets from which only a partial piece of the sought-after information may be gained.

Law firms are also considerably easier to hack than corporations, financial institutions and medical providers that are required to comply with government regulations and industry standards. These entities have also confronted the problem of cybersecurity for years by enacting strict IT policies and procedures, as well as implementation by knowledgeable IT staff.

On the other hand, the majority of law firms are operated by lawyers who may lack sufficient technical knowledge and fail to appreciate the risks associated with cyber theft. Generally, law firms are also not subject to government or industry standards relating to cybersecurity. Finally, lawyers’ propensity for working not just in their offices but from home, court, and the offices of their clients, for the sake of convenience, often exposes data in their firm’s possession to further avenues of attack. 

As an example, a cybersecurity firm recently conducted a test hack of a technology company. The firm reported that after considerable effort of man-hours and time, it was successful in obtaining some of the company’s data. In contrast, a similar test hack of a law firm required only one or two days to gain control of the law firm’s entire network. Hackers can more easily obtain the desired information not from their actual targets, but rather from the targets’ lawyers, who are much simpler to hack.

Security Measures at MSZL&M

MSZL&M employs a veteran third-party network and cloud service provider, whose primary objective is to manage our computing systems and oversee protection of our clients’ data. By employing IT specialists, we take information security seriously, enacting policies and procedures to manage and maximize the security of our clients’ sensitive and confidential data.

Additionally, we are aware that email is an inherently insecure and outdated method of communication. However, it remains a popular method of interacting with clients, counsel, experts, medical providers and the courts. At MSZL&M, we have instituted an email encryption policy in which emails originating from our firm that contain any sensitive or confidential information such as social security numbers, financial, medical, HIPPA or similar information are automatically encrypted and can only be read via a secure portal. This encryption policy supplements various systems of email protection guarding against viruses and phishing attacks aimed at giving hackers access to the firm’s computer systems.

Cybersecurity for law firms is no longer an option. And while research shows many law firms taking a wait-and-hope-for-the-best approach, at MSZL&M we are meeting the threat of cybersecurity head-on.

 


Mintzer Sarowitz Zeris Ledva & Meyers L.L.P. publishes this site to provide general information regarding certain fields of law to our clients and friends. As every situation is unique and the facts and advice would vary with individual circumstances, the information contained on this site does not constitute legal advice. Transmittal of information from this site or any use of electronic mail is not intended to create or establish an attorney-client relationship between Mintzer Sarowitz Zeris Ledva & Meyers L.L.P. and anyone else. Do not send any information until you speak with one of our attorneys and receive authorization to do so. If any communication from this site is not in conformity with the rules and regulations of any state governing lawyer conduct, Mintzer Sarowitz Zeris Ledva & Meyers L.L.P. will not accept representation which is based on such communication.
 
Mintzer Sarowitz Zeris Ledva & Meyers L.L.P. has offices in Wilmington, DE, Philadelphia and Pittsburgh PA, Wheeling, WV, New York and Long Island NY, Cherry Hill NJ, Miami and Tampa, FL. None of the attorneys listed in this Web site are certified as an "expert" or "specialist" pursuant to any authority governing the practice of law in the State of New York.