- Why Cybercriminals Attack Law FirmsPosted 3 weeks ago
- Firearms Owners Need a Gun TrustPosted 3 weeks ago
- From a War of the Roses to a Meeting of the MindsPosted 3 weeks ago
- Acquiring a Law Firm May Be Smarter Than Starting from ScratchPosted 3 weeks ago
- Immigration Enforcement Under the Trump AdministrationPosted 3 weeks ago
- Avoiding Business Identity TheftPosted 3 weeks ago
Why Cybercriminals Attack Law Firms
By Craig A. Petronella
Last December, Chinese hackers tried to breach the computer systems at several big law firms including Cravath Swaine & Moore and Weil, Gotshal & Manges looking for data to exploit insider trading deals, according to the The Wall Street Journal.The alleged attackers attempted and succeeded in accessing data over 100,000 times and were never detected. Their network was like a revolving door, the Journal reported.
“This case of cyber … fraud should serve as a wakeup call for law firms around the world. You are and will be targets of cyber hacking because you have information valuable to would be criminals,” said Preet Bharara, the United States attorney in Manhattan.
But it’s not just mega-firms that are at risk. Small and mid-size law firms may be exposed as well. Firms that handle credit cards and firms that are required to meet HIPAA rules and regulations are particularly tempting targets for hackers.
CYBERSECURITY AND MALPRACTICE
In December of last year, an unsealed lawsuit alleged that 100-partner, Johnson & Bell, a Chicago firm committed “malpractice” through shoddy cybersecurity. While the final outcome of the suit is pending, “the action may be a kind of test case for future law clients looking for leverage over firms they feel carelessly exposed confidential data to hackers,” said Andrew Stickler of Law360.com.
“The plaintiffs alleged the firm’s file and online systems were rife with ‘critical vulnerabilities’ primed for hackers, even as Johnson & Bell presented itself publicly as a cybersecurity expert,” reported Law360. com. “The complaint does not point to any specific data breach or loss of confidential information suffered. Instead, it focuses on a broader alleged failure to reasonably protect sensitive client data, particularly through an online attorney time-tracking system and the use of a virtual private network, or VPN.”
“Notably, the suit (against Johnson & Bell) also refers to newly strengthened professional conduct rules on client confidentiality and electronically stored data. Following ABA Model Rule changes since 2012, some of the changes were adopted in Illinois last year and went into effect in January 1, 2016,” reported Law360.com.
Your firm may already be under attack and you may not even know it. Hacking instances at law firms are rarely reported. Many technology specialists say the problem is likely bigger than the industry realizes because many online attacks go undetected.
“As stricter conduct guidelines are adopted around electronic data, courts will move toward a stricter view of liability of firms with less-than-stellar security practices,” said University of Denver’s Sturm College of Law’s Wald. He also noted that the spread of cyber-attack insurance might be a deep pocket for malpractice claims to target in the event of a known cyberattack.”
ARE YOU AT RISK?
Here are some questions to answer to determine what your exposure may be.
If you can’t place a confident check-mark by all those questions, you’re at risk. In fact, you may already have been hacked and don’t yet realize it.
We are in the golden age of cybercrime. Hackers seem to up their games on a regular basis. After all, it is their “job.” And they’re always looking for ways to advance in their chosen field.
And don’t underestimate the value of your information to hackers. Even if you don’t store credit card information, even if you’re not subject to HIPAA regulations, your information is still valuable.
A login to a single iTunes account is said to be worth $8.30 to a hacker, so how much more valuable is the client information you’re storing?