LEGAL
Firms that hold intellectual property, merger and acquisition, commodity investment, contract negotiations, market deals, and family and personally sensitive data are phenomenally attractive. The risk is as real for small firms as the largest firms.
Consequences of breach can
be firm-destroying
Law firms are facing increasing external cyber-attack as well as insider threats. Criminals, nation state actors, and even interested commercial parties are attracted to the crown-jewel types of data with which firms are often entrusted. As law enforcement warns, law firms in general are more lax on security than the corporations they represent. As the Solar Winds hack showed, even sophisticated firms can be hacked with devastating impacts on their reputations as trusted advisors to large companies or high net worth individuals with closely held secrets. The consequences of breach can be firm-destroying with massive financial and even political consequences for clients.
At a recent ABA seminar, experts urged the creation of a cyber-aware culture, the running of readiness assessments, obtaining cyber risk insurance, etc. But common to all the advice was the need for forms to encrypt data, test their backups, partition and limit data to only those who need access – “Rely on multiple layers of data protection that deliver pervasive use of encryption and strong authentication”. This is where STASHÂŪ comes in.
Firms that hold intellectual property, merger and acquisition, commodity investment, contract negotiations, market deals, and family and personally sensitive data are phenomenally attractive. The risk is as real for small firms as the largest firms.
Don’t let your data be compromised.
Prevent cybersecurity threatswith STASH.
âNearly 50 law firms were targeted by a Russian cybercriminal who posted on a cybercriminal forum seeking a hacker to collaborate with him. He hoped to hire a black-hat hacker to handle the technical part of breaking into the law firms, offering to pay $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million. Sporting of him. The list of law firms reads like a âWhoâs Who Among Top Law Firms.â âĶ we believe most of them have been breached.â
â Sharon D. Nelson, President & John W. Simek Vice President Sensei Enterprises Quoted in Law Practice Today, American Bar Association
âI think that number is vastly understated based on what I experienced first hand throughout my travels and conversations with firm leaders across the country. The fact that firms are typically not required to report unwanted network intrusions lulls other firms and the public into a blurred sense of reality in regards to what is really happening in the marketplace. When Iâm in a group setting, I still donât see many people raise their hands to discuss a recent breach, but almost all of them have some type of incident to share that occurred at their firm when we are behind closed doorsâ.
â Marco Maggio, U.S. Director, All Covered Legal Practice quoted in Law Practice Today, American Bar Association
“Law firms have always operated inside a bubble of their own making, in which information security will take care of itself because “we’re all good people” and “we’ve been careful in hiring and training.” A moment’s reflection reveals the vacuity of those attitudes when put up against determined, full-time, state-supported hackers.”
– Robert Owen, Partner in Charge Sutherlands Asbill & Brennan’s New York office quoted in Law Practice Today, American Bar Association
Cyber Talk
"Law firms should understand the risk and have strong policies and procedures in place both for prevention/detection and mitigation of the information. If some client information is sensitive, measures should be taken to avoid storage where it is easy to obtain. Similar to the old practice of keeping paper files under lock and key, partitioning of especially sensitive data should be practiced. Law firms should have a data storage policy that only keeps documents on their main systems if necessary, then transferred to a more secure storage vehicle."
