Law Firms are Prime Targets for Data Breaches and Cyber Theft
Mar 21, 2018 - News by Defense Counsel
MSZL&M is serious about our clients’ data security.
Cyber theft is on the rise, and law firms, with minimal cybersecurity defenses and a treasure-trove of sensitive and confidential data, are the latest targets. While the majority of high-profile data breaches have targeted financial institutions, retail establishments, and medical providers, breaches and security concerns have recently increased for law firms.
Sensitive and Confidential Information
Law firms typically create and store a broad range of confidential, sensitive and important information on their own clients, as well as information relating to their clients’ competition and opposing parties obtained through discovery. This data includes personal identity information such as social security numbers and dates of birth, financial and medical information, as well as corporate policies, transactions, plans, and other trade secret data. This confidential information makes law firms attractive targets for cyber thieves.
Easy and Efficient to Hack
Through one attack on a law firm, a cyber thief can obtain various types of information more efficiently than by hacking separate financial, medical and corporate targets, each of which may yield only part of the sought-after information.
Law firms are also considerably easier to hack than corporations, financial institutions and medical providers, which are required to comply with government regulations and industry standards. These entities have also confronted the problem of cybersecurity for years by enacting strict IT policies and procedures and having knowledgeable IT staff implement them.
On the other hand, the majority of law firms are operated by lawyers who may lack sufficient technical knowledge and fail to appreciate the risks associated with cyber theft. Generally, law firms are also not subject to government or industry standards relating to cybersecurity. Finally, lawyers’ propensity for working not just in their offices but from home, court, and the offices of their clients, for the sake of convenience, often exposes data in their firm’s possession to further avenues of attack.
As an example, a cybersecurity firm recently conducted a test hack of a technology company. The firm reported that, after a considerable investment of man-hours and time, it succeeded in obtaining some of the company’s data. In contrast, a similar test hack of a law firm required only one or two days to gain control of the law firm’s entire network. Hackers can more easily obtain the desired information not from their actual targets, but rather from the targets’ lawyers, who are much simpler to hack.
Security Measures at MSZL&M
MSZL&M employs a veteran third-party network and cloud service provider, whose primary objective is to manage our computing systems and oversee protection of our clients’ data. By employing IT specialists, we take information security seriously, enacting policies and procedures to manage and maximize the security of our clients’ sensitive and confidential data.
Additionally, we are aware that email is an inherently insecure and outdated method of communication. However, it remains a popular method of interacting with clients, counsel, experts, medical providers and the courts. At MSZL&M, we have instituted an email encryption policy in which emails originating from our firm that contain any sensitive or confidential information such as social security numbers, financial, medical, HIPAA or similar information are automatically encrypted and can only be read via a secure portal. This encryption policy supplements various systems of email protection guarding against viruses and phishing attacks aimed at giving hackers access to the firm’s computer systems.
Cybersecurity for law firms is no longer an option. And while research shows many law firms taking a wait-and-hope-for-the-best approach, at MSZL&M we are meeting the cybersecurity threat head-on.