Last year, a Canadian company was investigating a possible takeover of a Chinese state-owned chemical and fertilizer group. Until, that is, several large Canadian law firms involved in the takeover were attacked by hackers linked to computers in China, reports the Wall Street Journal.
The extent of the breach was never fully understood. Nor were the culprits behind the cybersecurity incident identified.
In this case, computer infiltration was not the only thing to fly under the radar—the fact that law firms are being targeted for their valuable and confidential information also seems to be a tight-lipped secret among governments and corporations.
Will your law firm be next?
“For hackers bent on insider trading, targets could include lawyers at top law firms that handle mergers and acquisitions, such as Cravath, Swaine & Moore LLP, Skadden, Arps, Slate, Meagher & Flom LLP or Davis Polk & Wardwell LLP,” said Mr. Friedberg, a former federal prosecutor, to the WSJ.
“Half the time people post their cell numbers on their v-card,” Friedberg continued.
Lawyers live by their mobile phones, laptop computers, and portable hard drives full of sensitive client information. Passwords, firewalls, and common sense may not be strong enough to resist a talented hacker.
So, if your law firm is the type to post downloadable business cards on its website, it’s time to reevaluate your cybersecurity measures.
Still think this sounds more like a Tom Cruise movie than a law firm reality?
“We’ve seen specific documents from law firms on specific deals being exfiltrated from cyberattacks,” the FBI’s Mary Galligan said in April at a law-firm conference in New York.
The perpetrators “know exactly what they are looking for and, as a result of that, there is some undercutting of bids in those deals.”
Law firms have been targets for a while now, but they’ve managed to stay out of the media.
“All of this is underreported,” said Mr. Henry, who left the FBI this year to become president of CrowdStrike Inc., a security start-up that investigates breaches, to the WSJ.
“Law firms have incredibly valuable and sensitive information, and the Internet just provides a whole other methodology through which the information can be accessed and pilfered.”
So, how do you become the next victim?
Forbes explains that there are many ways to open up your business network to a possible hack. Below are just a few:
- Simple Passwords. Isn’t it a pain to assign a different 10-digit password to each computer or program login? Absolutely. But not more painful than having to report to your firm manager that you lost a million-dollar case because confidential material was leaked from your BlackBerry—locked with the password abc123. Complicated, frequently changed passwords are even more important for the Admin login. Don’t use any of these, either.
- Failure to Educate. It’s important to teach your employees and law firm associates the proper protocol, not just in creating passwords, but also in handling day-to-day sensitive documents. Develop a policy and protocol for preventing cyberbreaches and for mitigating the ones that still get through.
- Allowing Unrestricted Access to All Employees. Talk to your IT Department and decide: does everybody need access to everything? There’s a reason why, for example, the government has security clearances.
- Lack of Monitoring. Don’t wait for a breach to happen before you start to monitor your network. Most attacks don’t happen instantly. Instead, systems are infiltrated over time. Hire IT employees who understand how to identify the introduction—slowly but surely—of malware and discrepancies.
Although it may seem like a lot of time and manpower, installing proper cybersecurity equipment now can prevent expensive patchwork on bigger breaches in the future.
Talk of cybersecurity has died down, in general. Unfortunately, reports on the number of computer breaches at law firms are still kept close to the vest. After all, nobody can afford to lose clients during a recession. For you, and your firm, all may seem quiet and calm.
Therefore, you may not get solid proof that the industry of law is under particular attack until it’s too late. The field of law may be, at present, in the eye of the storm for computer hacking.
The question is, how long are you going to wait for the damage to be done?