Not Hacked or Can’t Tell: Real Problem for Law Firms
Are you not hacked or can’t tell? Hacking, espionage, and other cybercrime have plagued law firms quietly for close to a decade. Only recently, however, have these problems come to light – largely attributable to a substantial upswing in the frequency and severity of these attacks. In fact, experts and analysts suggest that MOST big law firms have been subject to some sort of hacking. Within just the last few weeks, numerous reports of computer hackers targeting top law firms to steal intellectual property data, trade secrets, and confidential client information have begun to crop up across the globe. Law firms’ susceptibility to these attacks continues to grow as hackers become more adept.
Last year, five members of the People’s Liberation Army of China were indicted on charges that they had hacked into computers at six companies, including economic espionage and stealing privileged attorney-client communications in order for a chinese competitor to gain an advantage against the client, SolarWorld, an Oregon-based solar panel manufacturer. Attorney-client privilege of lawyers at a big Chicago-based law firm and officials with the Indonesian government was also breached last February when communications intercepted by an Australian intelligence agency that had ties to the National Security Agency, breaching attorney-client. The American Bar Association sent a letter to the N.S.A. emphasizing the importance that principle of attorney-client privilege is protected. Although the government has ramped up efforts to hold hackers and nations or corporations behind cyberattacks accountable, law firms of all sizes continue to be targeted.
FBI Senior Assistant Special Agent Patrick Fallon Jr., explains this phenomena, describing law firms s a “rich target” lacking “capabilities and the resources to protect themselves.” He told Bloomberg that “Either the firms have perfect security, have been hacked and don’t know, or they’ve been hacked and don’t tell.” Jill D. Rhodes, a co-author of the ABA’s handbook attributes the legal profession’s reluctance to invest in necessary cybersecurity measures.
Jill D. Rhodes, a co-author of the ABA’s handbook attributes the legal profession’s reluctance to invest in necessary cybersecurity measures.Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare , a peer-reviewed publication based in New York City, has said that stolen legal data has accrued a surprisingly lively trade, with everything from commercial reports to emails being sold on anonymous black market websites – and breaching the duty of attorney-client confidentiality.
Attorneys and law firms are not only at a serious risk of losing attorney-client confidentiality by losing confidential information due both intentional hacking as well as accidental losses, such as misdirected emails or texts and lost mobile devices or laptops.
Many clients, such as those in those dealing in insurance and financial services, have begun to proactively investigate the security profile of their existing and prospective outside law firms. As such, law firms are put at a further risk of losing clients if they are not secure. The requisites for true security, however, continue to change as new technologies – and ways to hack into those technologies – emerge. This makes it imperative for law firms to keep up with the security practices of banks, or risk losing their business.
In response to these risks, the American Bar Association has formed a Cybersecurity Legal Task Force and offers a cybersecurity handbook with practical cyber threat information, guidance, and strategies to attorneys and their law firms on how to defend against hacking threats and how to respond if breached.
Unlike many other industries with strict privacy rules for protecting client data, the ABA and state bar associations have provided scant guidance in this area. What few guidelines and opinions that do exists vary on what law firms and attorneys can and should do with client data. Although the ABA has yet to impose a bright-line requirement on law firms, experts strongly encourage attorneys to discuss how their law firm stores information with clients and notify clients when information is taken.
Although hacking disasters at big law firms may be made more publicized on a national and even international scale, small law firms are by no means immune to these hacks – in terms of confidentiality breaches and reputational damage. In fact, the latest ABA Legal Technology Survey Report suggests that smaller firms are the most likely to be targeted with viruses, with more than half of law firms with 2-9 attorneys (51%) reportedly having a virus.
The latest ABA Legal Technology Survey Report found that nearly half of all law firms (45%) were infected with viruses, spyware or malware last year. In additional to breaches of attorney-client confidentiality duties and other potential ethical violations, widespread consequences of virus infections included the loss of billable hours, consulting fees for repair, and loss of network access. Nevertheless, only one in four law firms had any kind of email encryption available for their lawyers to use.
Breaches shake a client’s faith in the attorney-client privilege, losing clients and severely damaging a law firm’s reputation for years to come. Cloud computing, mobile devices, even blogs can leave law firms vulnerable to attacks.
Is your law firm safe from attacks?
Even cutting edge technology and the most astute observation may not be enough to protect law firms computer systems if you and your law firm don’t have an up-to-date, comprehensive and personalized policy.
Ameliorating the threat can present a difficult if not impossible task for law firm’s to undertake on their own. A strong policy and communication within a law firm is essential to circumvent potential disaster. Effectively communicating within your law firm will help ensure security of client information, as well as contribute to the elevation and growth of your law firm’s reputation.
Learn more about how you and your firm can construct an effective policy and learn to communicate in a way that will boost your law firm’s reputation at HessConnect’s upcoming workshop beginning March 19 in San Diego:
For more information and to register, CLICK HERE: http://hessconnect.instapage.com/