The FBI has warned top law firms that cyber criminals “see attorneys as a back door to the valuable data of their corporate clients”. Depending on the type of law firm, these clients may be businesses that generate international interest around matters like acquisitions and patents. Yet despite the warnings, the legal industry is still lagging when it comes to data protection.

As a result, law firms are facing increasing pressure to button up their cyber security posture – not only from authorities, but now also from their clients. Some clients are requiring time-consuming audits or mandating data privacy compliance, at a time when IT resources are already spread too thin.

Over the last decade, it has become increasingly apparent that law firms are one of the hottest targets for cyber criminals seeking to benefit from sensitive client data. In 2016 alone, hackers have demonstrated that they are after the treasure trove of personal information within the legal sector, as proven by recent data breaches at law firms including Cravath Swaine & Moore LLP, Weil Gotshal & Manges LLP, and Mossack Fonseca.

The incident at Mossack Fonseca only scratched the surface of the lack of cyber security resources within the legal sector. In fact, over 2.6 terabytes of data was stolen without Mossack Fonseca detecting any sign of theft, and a total of 11.5 million sensitive records were stolen overall.

These data breaches – which made international news headlines – all demonstrated that most law firms do not have basic cyber security controls in place for detecting and mitigating data breaches. To counteract the lack of IT resources, law firms should immediately take five steps, as outlined below, to help keep sensitive client data protected from malicious and sophisticated cyber criminals.

Jul-Sep 2016 Issue

Digital Guardian