To most people, the documents on a lawyer’s laptop wouldn’t exactly make for riveting reading material. But if you’re a hacker, it’s a different story. Law firms are the perfect target for clandestine dabbling in insider trading, intellectual property theft, trade secrets, and more. For cybercriminals who want the upper hand in lawsuits or negotiations, or simply a bit of ransom money, a lawyer’s hard drive can be gold.
This is how law firms can increase their cybersecurity and reduce the risk of hacking.
Within the hacker community, law firms are ideal targets for two reasons. There’s the sensitivity of the information they handle, of course, but also the fact that many small firms haven’t adopted the tech to keep them safe. And even major firms who can afford robust solutions are nonetheless vulnerable. In May 2020, a high-profile firm representing celebrity clients like Lady Gaga and Madonna experienced a ransomware attack.
Security breaches have grown so common for law firms that sadly, it’s not unwise to employ the philosophy of “when, not if.” A breach can include incidents like a lost or stolen computer or smartphone, hacker, physical break-in, or website exploit. Some estimates predict that cybercrime will increase by 70% over the next five years. And according to the ABA, 42% of law firms with up to 100 employees have experienced a data breach.
Frustratingly, many hacks happen via third-party vendors—not the law firm itself. There were two such security breaches at global law firms in February 2021. Hackers accessed mediation documents and other confidential client material, but not through email phishing or predictable passwords. In one case, the blame fell on a file transfer software platform used by the law firm. Hackers claimed to have stolen documents from the firm, posting screenshots allegedly taken from their files on the internet.
Internally at each firm, best practices for cybersecurity were in place, yet both had to inform clients that criminals may have seen their private information. That’s a difficult situation to be in — especially if you’re not directly responsible. "It’s not our fault, we swear!” is cold comfort to clients.
For lawyers, cybersecurity can feel daunting. It helps to break down tactics within a counter-strategy to prepare for threats. Start by zeroing in on three P’s: policies, proaction, and partners.