In this new white paper, published by Thomson Reuters’ Legal Executive Institute, authors Daniel Garrie and Rhea Siers examine some of the vulnerabilities that law firms face in keeping their own internal data and client data safe from cybersecurity attacks.
“Law firm culture has long focused on the ability of attorneys to bring a high level of thought and analysis to every legal case on the firm’s roster. However, similar care has not been spent by firms when it comes to data security. Without data security, client files may inadvertently end up on a file server in China, Brazil or perhaps even Russia,” the authors write.
The authors also offer several cost-efficient solutions to help law firms and companies remedy this growing and potentially disastrous problem.
Like most enterprises, hacking is generally about making money. Even without a direct link to the attorney’s confidential client information, any other data on the laptop can easily be bought and sold on the underground market. Take, for example, a personal email account. Within this account, our attorney friend has emailed his bank account information in 2007 to his brother so a transfer could be made. Between 2010 and 2015, before his law firm bought iPads for attorneys, our attorney would often send himself client documents to work on from home.
As a highly organized attorney, our friend keeps all copies of receipts from Internet transactions in a folder in his Gmail account. He is wise not to save his username on his banking website, but he does maintain an email in his drafts folder with a list of all passwords for those less important sites, like his Netflix account. Through the use of spear fishing, social engineering, and malware, even a marginally savvy criminal with access to this information can withdraw funds from the attorney’s bank account, impersonate the attorney, and gather enough information and access to use the email accounts to send spam.