Law Firm CyberSecurity in 2018: A Growing Priority

Malware and data breaches have become an immediate concern for organizations of all sizes, across all industries, but law firms have found themselves to be particularly susceptible.

According to a CNA Professional Counsel bulletin, roughly 80 percent of the largest firms in the United States have experienced a malicious breach. In 2016 alone, the IT consultancy Logicforce found that over 10,000 network intrusion attempts were detected per day across just 200 law firms. The same study found that 59 percent of all email directed at the firms was classified as phishing or spam messages resulting in credential theft, ransomware, or “CEO fraud” attempts.

Law firms are built on reputation management. This means that firms must begin to adapt their technology to protect their data. As law firms wade into cybersecurity practice, the glaring reality is that most law firms aren’t prepared for a major breach. According to the 2016 ABA technology survey, only 17.1 percent of all law firms had an incident response plan in place to address a security breach, and only 50 percent of firms of 500 lawyers or more had such a plan in place.

Cybersecurity no longer can be relegated to the IT department or be part of general guidelines on computer use. Cybersecurity, or as some industries call it, cyber risk, is part of doing business.

Companies go to great lengths to protect their data, but they may be ignoring a security soft spot-the information they provide to outside legal counsel. Cybersecurity is evolving. This is more than just a technology issue or an added clause in the retainer agreement—it’s the biggest risk that law firms face in 2017. Cravath, Swaine & Moore and Weil Gotshal & Manges, two of the largest firms in the United States, got caught in a major cybersecurity breach later linked to a $4 million-plus insider-trading scheme.

In addition, reputation damage can be substantial. Just ask the Panamanian firm Mossack Fonseca, whose involvement in the now-famous Panama Papers leak “resulted in unwelcome publicity to the firm and its international clients, whom the Panamanian lawyers had apparently helped set up offshore entities to evade their respective countries’ income taxes on eye-popping wealth,” according to a Law.com report.

However, firms don’t even need to experience a breach to suffer damages. A class action suit against the Chicago firm Johnson & Bell alleges that the firm committed malpractice by failing to maintain adequate cybersecurity standards. According to the federal complaint, “Johnson & Bell has injured its clients by charging and collecting market-rate attorney’s fees without providing industry standard protection for client confidentiality.” The suit alleges class representatives were damaged by the risk that their information could be compromised, pointing out that no information was compromised.

But pressure from clients is causing firms to invest and focus on cyberrisk. Corporate clients want to feel reassured the law firms they’re engaged with are prepared to repel and withstand these kinds of attacks. As such, IT security and data management audits are increasingly being treated as prerequisites to doing business.

At the Techcess CyberSecurity Group, we provide small and medium-sized businesses the managed cyber security services that are typically reserved for larger enterprises. By choosing the security professionals at Techcess CyberSecurity Group to oversee your network’s security, you know that your organization will deal with less downtime, fewer threats, and gain the peace of mind that your business’ network, data, and infrastructure is thoroughly protected.

In protecting your organization’s network 24 hours a day, 7 days a week, 365 days a year, our Cyber security experts’ diligence ensures that your business’ information systems run efficiently and that your data remains secure and working as intended.

To get started protecting your business’ digital assets, call us today at 1-833-892-9237.