If a billion kids made a human tower, they would stand up past the moon. If you sat down to count from one to one billion, you would be counting for 95 years. If you found a goldfish bowl large enough to hold a billion goldfish, it would be as big as a stadium. A billion seconds ago it was 1959. A few seconds ago, a billion passwords were stolen by Russian criminals, leaving your firm, its clients and its employees at risk.
An exaggeration, you think? Hardly.
“A lot of firms have been hacked, and like most entities that are hacked, they don’t know that for some period of time,” says Vincent I. Polley, lawyer and co-author of a recent book for the American Bar Association on cybersecurity.
“Sometimes, it may not be discovered for a minute or months and even years.”
Unfortunately, when it’s late and you still have a few hours’ work to do, it’s easier to pack up your laptop, save some client information on a portable flash drive, and then head home. Nobody wants to prioritize cybersecurity over work-life balance.
The problem is, hackers these days have become more and more sophisticated. And your efforts to make working from home more efficient have, instead, made stealing confidential and private information more prevalent.
In fact, cybersecurity concerns within law firms have become so important that high-profile, high-profit clients, like big banks, have started to withdraw business from firms that demonstrate a relaxed regard for security measures.
“Wall Street banks are pressing outside law firms to demonstrate that their computer systems are employing top-tier technologies to detect and deter attacks from hackers bent on getting their hands on corporate secrets either for their own use or sale to others, said people briefed on the matter who spoke on the condition of anonymity.”
“Some financial institutions are asking law firms to fill out lengthy 60-page questionnaires detailing their cybersecurity measures, while others are doing on-site inspections,” writes Matthew Goldstein for the New York Times online.
Other corporate clients, the same article reports, are requesting that law firms stop putting files on portable drives altogether, emailing them on non-secure devices, such as smartphones or tablets, and sharing servers with offices in notoriously cyber-insecure countries, such as China and Russia.
Today, we realize how important these measures may be in securing your future, as CNN reports that Russian criminals stole 1.2 billion passwords.
Hold Security founder Alex Holden told CNNMoney that the treasure trove includes credentials gathered from over 420,000 websites, both smaller sites as well as “household names.”
Thus, chances are high that your firm’s assets—or those of its employees—are among the exploited.
Some think that pressure from clients will help law firms get with the digital times and clean up their cybersecurity act. Daniel B. Garrie is executive managing partner with Law & Forensics, a computer security consulting firm that specializes in working with law firms. He thinks, “When people say, ‘We won’t pay you money because your security stinks,’ that carries weight.”
Law firms, however, are notoriously slow in upgrading their technological tools.
Do you agree with Garrie? Are law firms finally paying attention?
One last lesson in one billion: If we wanted to make a book with a billion dollar signs, printed 1000 per page and with pages printed on both sides, the book would be 500,000 pages long. How many billions of dollars are you willing to risk (after being told a billion times) before your firm upgrades its cybersecurity systems?
To learn more, get C4CM’s webinar “Mitigating Cyber Risk: Strategies for Legal Counsel to Reduce Exposure and Avoid a Data Breach Devastation,” available on CD.
This comprehensive webinar will help you to mitigate risk by fine-tuning or putting into place key procedures and policies for cyber protection. You will also learn what to do once a data breach is revealed.
- Data breach response tactics and notification obligations
- Practical and essential first steps to take if a breach occurs
- What to include in your Incident Response Plan
- Securities and Exchange Commission (SEC) disclosure obligations related to cyber risks and data breaches
- How cyber-insurance coverage acts as a risk mitigation tool, and what to look for in your policy
- Key individuals that your organization should be developing relationships with and why
- Practical protocols for reviewing and including cyber clauses in vendor and client contracts
- Much more…