Target. Yahoo. eBay. Netflix. JP Morgan Chase. The U.S. Office of Personnel Management. Sony. Ashley Madison. The Democratic National Committee. LinkedIn. Home Depot.
What do all of those companies have in common? They all have been the victim of cybersecurity breaches.
Imagine how attractive a law firm that specializes in medical malpractice or personal injury is to a hacker. Or what about a defense firm with terabytes of business emails, trade secrets and financial information?
A law firm that keeps any kind of sensitive data is subject to regulatory violations and lawsuits if that information is compromised. A multi-million-dollar global company might be able to overcome a cybersecurity breach, but a small to mid-sized law firm might not.
“There are two types of firms: those that know they’ve been (cyber) attacked and those that don’t.” – Jill Rhodes, co-author of “The ABA Cybersecurity Handbook”
The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996, and it was amended in 2009 to mandate that business associates of covered entities comply with several provisions, including those related to security and privacy. The amendment also calls for stricter enforcement of compliance failures.
But it isn’t just HIPAA that a lawyer needs to worry about in terms of cybersecurity. Clients’ personal financial records, business dealings, sealed family law filings, even criminal court records all could be breached if a lawyer or law firm hasn’t taken adequate precautions to protect their computer systems and networks.
And even that might not be enough. Cloud technology, email, smartphones and other wireless devices all provide another entrance for potential hackers.
Careers – those of lawyers and their clients – can be destroyed, and businesses have crumbled due to breaches in security. No matter the industry, customers deserve to know that their information is protected.
For proof of potential damage, an attorney just needs to take a quick look at recent headlines.
The Chicago law firm of Johnson & Bell Ltd. was hit with a class action lawsuit after it failed to protect client data. Panama-based Mossack Fonesca also was breached, resulting in millions of documents and terabytes of leaked data involving dozens of companies, celebrities and global leaders.
The same goes for a handful of New York law firms that were hacked. Cravath, Swaine & Moore as well as Weil Gotshal & Manges were the victims; hackers were looking for insider-trading information related to planned business mergers, according to The Wall Street Journal. The hackers used the information to steal more than $4 million, according to reports.
And just this summer, the global firm of DLA Piper was the victim of a ransomware attack that affected computers and phones across the company.
“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” the firm said in a statement. “We are taking steps to remedy the issue as quickly as possible.”
As of now, 26 states require lawyers to keep up with changes in legal technology. Florida even requires regular CLE technology credits.
Enter Advantage Technology
Advantage Technology has the technology and personnel in place to address any shortcomings your law practice has in its cybersecurity plans, if it even has one. We deliver a number of advisory services in addition to security compliance testing, awareness training and other professional security services.