The threat of hackers has always been a big issue for any industry; however, more recently, hackers have been repeatedly targeting law firms. In the first few months of 2016, big-name law firms like Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP were breached by hackers. We don’t know the extent of the damage they did or what they stole, and it is understandable that the law firms cannot reveal this information, but the fact that hackers can just enter these systems is alarming. Other law firms also reported that they were targeted by hackers with varying degrees of success.
It is easy to see why law firms are being targeted so often:
Law Firms have a lot of confidential data
No private company has as much damaging information as law firms. Law firms are involved in multi-million dollar lawsuits and have documents pertaining to secret knowledge about the inner workings of their clients. They have access to privileged communication and the attorney-client confidentiality means that clients share information with law firms they wouldn’t share with anyone else. Only hospitals have more confidential information than law firms but the information available to hospitals cannot cause millions of dollars of damage – unlike the information available to law firms.
Law firms have information on cases. Can you imagine how damaging it would be if a law firm’s entire strategy was leaked online for a case? It would result in a mistrial for sure and would make it a pain to further pursue the case. Even if there is no ongoing case, law firms regularly communicate about sensitive matters with their clients and if these communications were to become public, they would tarnish the image of the law firm’s clients.
Confidentiality is sacrosanct in the legal world
The problem isn’t just that law firms have a lot of confidential information – the issue is that no one would want to work with a law firm that cannot keep its data secure. How is a company supposed to provide confidential information to law firms if they know that there is a possibility the law firm will be hacked and the information stolen? Hackers directly affect how people think about law firms. If you get hacked, in any industry, most of the clients will understand that it wasn’t your mistake. This doesn’t work for law firms. People will know it wasn’t your mistake but they still won’t want to work with you because there is too much risk involved.
Law firms have money
People always think that lawyers charge too much – until they need a good lawyer and understand how much of a benefit a good law firm provides. People know that law firms have money and they often try to target them by holding their data hostage. Any law firm will be willing to pay good money if it means preventing confidential information from being leaked. Sure, they will do their best to catch the hackers as well, but their first priority is to ensure that their client’s data is secure. No other industry will be willing to go as far to protect the data of its clients as law firms, and hackers know that.
What you need to do
You need to ensure that you have taken all the steps necessary to keep your data secure.
Anti-virus software on computers
This won’t really help you much when it comes to a targeted hack but it does add to the overall security of your data. Hackers will often use custom designed malware and viruses. Anti-virus software is designed to detect known malware and viruses. See what the problem is?
You don’t have to secure the devices; you have to secure the whole network against any form of attack. This is not an easy task but it is necessary for law firms.
If the exploit used by hackers is newly discovered, no software will be able to help you. The only way to keep our data secure then, is to make sure that the network activity of your law firm is being monitored 24/7. This will allow you to detect and shut down any strange activity happening before it causes too much harm.
People are the weakest link when it comes to getting hacked. Do you know that many companies get hacked because employees plug in USB drives they find lying around the office? You need to train people about data security to ensure they are not the weak link in your security system.