As long as 5 years ago, the FBI started warning law firms that hackers specifically target them. At the time, it cited e-mail as the most common way hackers tried to access computer networks and steal data. The report also noted that these attempts had begun as early as 2007. Now in 2014, 7 years later, you’ve heard about massive cybercrimes like the ones affecting Target and Home Depot.
Unfortunately, the legal industry is a prime target for hackers for three reasons:
• There’s highly valuable economic information foreign countries like China want
• China has no problem employing hackers and publicly denying any knowledge of wrongdoing
• The law industry as a whole is way behind others in its data security practices
Matt Kesner, CIO of Fenwick and West LLP, noted China doesn’t waste its state-sponsored hackers on US law firms because “C-squad” rookies are good enough to break through their security measures.
If you are a law firm, what can you do to make sure cyber thieves do not steal your data? A couple of things:
1. Monitor Your E-mail and Its Attachments:
We’ve covered this point many times. But it’s worth repeating because it’s still a very common way that cyber criminals gain access to your information. 99.9% of spam e-mails are usually caught by your filtering software. A rare few make it through, and most of them are obviously spam e-mails. But every once in a while, you get one that looks close to real. It has a familiar name in the subject line. There’s recognizable branding in the body of the e-mail. Part of the domain name in the “from” section of the e-mail is even real. But there are always dead giveaways, like:
• Obvious typos/spelling errors in the text of the e-mail (read suspicious e-mails carefully)
• A domain name that does NOT exactly match the domain name of the real company
• Asking you for login information (this is never requested by reputable companies through e-mail)
• Suspicious links – usually they’re very long, or they go to domains that are spelled similarly (but not exactly) to their reputable counterparts
Train your employees regularly, and stay updated on best practices yourself to make sure you do not give hackers easy access to your sensitive data.
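The two domain-related giveaways above can also be checked by software before a person ever reads the message. The following is an added example, not something from the original article: it compares the sender domain and every link host in an e-mail against a list of domains the firm really deals with, and flags near-miss spellings and real names embedded in someone else's domain. The trusted list, the sample message and the distance threshold of 2 are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the firm really deals with (constructed placeholder names).
TRUSTED = {"examplebank.example", "examplecourt.example"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host):
    """Return 'trusted', 'lookalike' or 'unknown' for one host name."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Near-miss spelling, or the real name embedded in someone else's domain.
        if edit_distance(registered, good) <= 2 or brand in host:
            return "lookalike"
    return "unknown"

def review(raw_email):
    """List (where, host, verdict) for every sender or link host that is not trusted."""
    msg = message_from_string(raw_email)
    hosts = [("from", parseaddr(msg.get("From", ""))[1].rpartition("@")[2])]
    hosts += [("link", h) for h in re.findall(r"https?://([^/\s:>]+)", msg.get_payload())]
    return [(where, h, classify(h)) for where, h in hosts if classify(h) != "trusted"]

# Constructed sample message, not a real e-mail.
SAMPLE = """\
From: "Example Bank" <alerts@examp1ebank.example>
Subject: Action required on your account

Confirm your login at http://examplebank.example.account-verify.test/login
Our site: https://www.examplebank.example/
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A "lookalike" verdict is a reason to quarantine the message for review; an "unknown" host is simply one the firm has not listed.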
2. Prepare to Demonstrate to Your Clients that Your Data Protection Measures are Up-to-Date:
Some Wall Street banks, for example, want law firms to fill out 60-page questionnaires, and others even visit on-site. That same article also reports they want law firms to stop using thumb drives, emailing any data to tablet PCs, or working on computers linked to networks in Russia and China. Some of these clients threaten to withhold additional work from the firms, or ask these firms to have insurance coverage in place in the event of a breach (or both). If you can meet the requirements of thorough inspections like these, your data will be safe and secure.
Does All This Sound Like Too Much for You?
It is a lot to manage. That’s why an outsourced IT support team makes sense.
Why take risks in a day and age where it’s not a question of if, but when, cyber thieves steal your sensitive information? Having a Data Security plan in place, and ensuring that it is routinely monitored and tested, is not just a luxury anymore; it’s a necessity.
Learn more about the author Bob Martin