Adam Adler About How Cyber Attacks Damage Law Firms and Their Clients
DigitalBank Vault® provides sophisticated Digital Anti Surveillance technologies: military-grade encryption systems for ultra-secure anonymous communication (voice, video & text messaging) with untraceable
file transfers & storage solutions
Losing Clients’ Sensitive Data
Hackers gaining access to their clients’ sensitive data is the stuff of nightmares for any sharp attorney today. Once hackers breach your security, they can steal your data and that of your clients to disastrous results, including gaining access to financial accounts.
Consider “the Panama Papers.” Panama-based law firm Mossack Fonseca (the world’s fourth-largest offshore law firm) suffered a security breach resulting in the leak of 2.5 terabytes of data in 2015. The repercussions ricocheted around the world when it was revealed the firm was involved in creating more than 200,000 shell corporations to evade taxes. The fallout included the resignation of Iceland’s prime minister and Spain’s Minister of Industry. If they cared about cybersecurity for law firms and took the necessary measures, they would not have suffered a breach.
IN 2016, hackers breached the security of some of the most prestigious US law firms to gain insider trading information. Up to 48 law firms were affected, and it is estimated that the hackers used the confidential company merger information they gained to make over $4 million through illegal insider trading.
In the UK from 2016 to 2017, more than £11 million of client money was stolen by cybercriminals.
How Cyber Thieves and Hackers May Attack Your Law Firm
Cybercriminals can attack in a variety of ways. Here are just some of them.
Phishing is when a message is sent, or an item is downloaded that releases malware when the recipient clicks the mouse to open an attachment or download a file, Phishing attacks occur continuously, but here is one example. In 2012, hackers gained access to the computer of a bookkeeper of a Toronto law firm through a phishing ploy, probably through an email attachment or a free screensaver. The firm still doesn’t know for sure. Hackers were then able to record bank account passwords as the bookkeeper typed them. This gave them complete access to the firm’s trust account, which the firm used to wire funds to foreign countries. The firm lost six figures just over the December holidays. When we help law firms with cybersecurity, we always focus on security awareness for attorneys and all other firm employees. Cybersecurity for law firms must require good cyber awareness sessions to be effective.
Ransomware is increasing as a threat to law firms. Hackers encrypt a firm’s data and then demand to be paid in Bitcoins for the decryption key. Any size firm may fall victim. Ransomware usually enters a law firm’s systems through phishing. It encrypts data, and thieves demand a ransom in exchange for a decryption key.
In a well-known incident in 2017, global law firm DLA Piper, which positions itself as an expert on cybersecurity, was attacked by ransomware called Petya. The firm lost access to its data for a time and had no phones or email for three days. It lost access to old email for a considerably longer time.
Malware and Spyware
Hackers sometimes infect law firm computer systems with malware that spies on the law firm. Serious consequences of malware infection include loss of data and loss of data confidentiality.
The ABA Legal Technology Survey Report showed:
40% of respondents reported infections.
37% reported no infections.
23% reported they did not know.
Reported infections were
Highest in firms with 10 to 49 attorneys (48%)
Lowest in firms of over 500 attorneys (20%)
Cryptojacking is relatively new. Thieves use software to hijack devices such as laptops and cellphones and convert them into cryptocurrency harvesting devices. When new communications technology emerges, it often presents new opportunities to hackers. It is up to the law firm to keep up to date on technology and protect against threats.
Law Firms Are Lucrative Targets for Cyber Criminals
Law firms become targets of hackers for some logical reasons.
One-stop shopping: If hackers can break into a law firm’s systems, they can gain access to sensitive and valuable data of not just one company but many – all the law firm’s clients.
Particularly useful information: Law firm servers may hold valuable information, from businesses’ intellectual property to medical records to government secrets. If you’re going to take the trouble to break in, it makes sense to hack where the rewards are worth the trouble.
Low hanging fruit: Many law firms have not adequately guarded themselves and their clients against cyber attacks.
As long as 2011, FBI representatives met with the 200 largest law firms to warn them that law firms are a prime target of hackers. As already mentioned, in 2016, the FBI warned hackers were targeting large international law firms.
Encrypt in an unbreakable way:
Text Messages and Emails, Voice Messages ,Audio Messages, Video , Images ,Images and Video Files, All Types of Documents and Files
Unique Set of Encryption Algorithms for each individual client
Attorneys’ Cyber Standard of Care
Lawyers are required to protect the confidential data of clients for quite some time. That’s nothing new. What has changed is how law firms must protect their clients in today’s climate of cyber threats. The commentary to Rule 1.1 of the Model Rules of Professional Conduct directs attorneys to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” A recent article on the ABA website says: depending on various factors, law firms must “monitor network activity, review IT reports, and perhaps employ a chief information security officer (CISO) in developing, implementing, and maintaining appropriate cybersecurity programs.” Failure to do so could result in legal malpractice claims.
Steps to Protect Your Law Firm and Its Clients
Keeping your client’s data and your own safety is an ongoing process that requires constant vigilance. There are many steps you can put into place, and the more you use, the safer is your data. This an area for experts, so the following steps are just starting points.
Establish an Aware Firm Culture
Senior partners of the firm should make sure that everyone in the entire firm is invested in data security. They need to establish ongoing training about keeping data safe on all devices.
Keep Your Firm on Its Toes
It’s not enough to just train everyone in your firm and then forget it. You need to retrain regularly and test people. You may even want to send fake “phishing” emails to see who clicks on them. Of course, this would be followed by more training. Continuous training is an important key to cyber safety, yet only 46% of law firms have cybersecurity training formally documented.
Institute Formal Policies
A frightening 45% of law firms do not have formal cybersecurity policies. Without policies in place to protect your data, train your people, and respond if there is a breach, it is only a matter of time before your firm faces disaster.
Put Someone in Charge
If the size of your firm makes it possible, you will want your CISO to oversee your firm’s cybersecurity. If not, a firm executive could oversee it with the advice of the best cybersecurity experts you can find. 67% of law firms put cybersecurity management responsibilities on either IT Directors or Managers or some other non-IT executive at the firm. Don’t shuttle ultimate responsibility for keeping your firm safe to an IT manager.
Only 40% of attorneys who responded to the 2018 ABA Legal Technology Survey Report reported that their firms have a disaster recovery/business continuity plan. A good backup of your data can protect you from ransomware that holds your data captive and malware that destroys it. After all, they can’t ransom your encrypted data to you if you already have it all someplace else.
Use Good Antivirus Software
It’s not enough to just use antivirus software. Make sure your antivirus software is effective and keep it up to date.
Keep Your Software Current
Use the most current operating systems and software, and promptly install software patches. The Equifax breach happened because the company failed to install a software patch.
Give access to data only to those who really need it. Sometimes employees themselves can be a threat, and even if they are not, they offer just one more point where a hacker can penetrate.
Be Careful of File Transfers
Proper file handling should be part of your training. For example, you do not want people to download them onto a flash drive and walk out the door with them. If they must be transferred, they should be encrypted and password-protected. You may also want to use a Virtual Desktop Infrastructure (VDI) so files are not stored on laptops but only on a VDI server.
Secure Your Email: Really Secure Your Email
Insist that all email is only sent from firm accounts which can be encrypted. You will need to enforce this policy because it is easy for attorneys to fall into just sending important information from their personal accounts when they are home on the weekend. Also, institute an email retention policy, so the only email that is really necessary is still available.
Consider Outsourcing Your Cyber Security to Experts
If yours is not a very large firm, it’s highly doubtful that you have the kind of cybersecurity expertise in-house to give your data the most effective ongoing protection. And that doesn’t mean many of the largest firms necessarily have this kind of expertise either. To effectively protect your data yourself, you will need to set up a security operations center to inspect all your traffic, categorize it according to risk level, stop suspect traffic in its tracks and immediately repair the damage. Of course, a solid crisis management plan must also be in place in case your systems are breached. And that’s just the beginning.
Law firm cyber threats change constantly. You need real experts who keep up with it. And if you do bring in experts, make sure they focus only on law firms.
Law firms have made a lot of strides in taking measures to protect against cyber risks, but not enough. Law firms should regularly assess their risks. Most do not have the expertise to do that and should look for the most qualified outside experts they can find to advise them. Technology is constantly changing and so are security threats. Establishing good cybersecurity is an ongoing process, not a one-time or occasional event.
It’s time to prioritize cybersecurity: It requires professional expertise, sophisticated strategies, and complex technology. It is not an overstatement to say that today the future of your firm depends on providing yourself and your clients with strong, effective security against hackers and cyber thieves.
ABOUT ADAM ADLER: Adam Adler is a serial entrepreneur with over 18 years of experience all at top-level management and ownership. Primarily investing his own capital and building brands from the ground up. At the early age of 4, Adam began his tennis career at the world-renown Rick Macci Tennis Academy in South Florida. Adam remained a highly ranked Junior Tennis player for his entire junior career. Once completing high school, Mr. Adler received a scholarship to play tennis at the University of South Carolina and graduated in 2007 Magna Cum Laude from USC, double majoring in Sports & Entertainment Management and Business. While at USC, Adam began his career by developing a patented algorithmic software as the base for his social networking company, Ultimate Social Networking Inc (USNI), and developing Ultimate College Model, seeing this to acquisition.
Adam’s love for completion never waned. Adam began playing poker in his free time and quickly became entrenched in the game, studying hours a day. Adam traveled around the country playing in some of the highest stakes No Limit and Pot Limit Omaha cash games in the world. Adam has made multiple World Series of Poker Final Tables, with his most notable finish coming in 2018 with a runner-up finish in the$10,000 Turbo Event. Adam has won millions of dollars in both cash game and tournament poker over the last 15 years. Adam’s second venture began with assembling a team of the best molecular scientists, mostly Merck and Amgen biochemists and formulators, and building out a multi-million dollar, 30,000 sq. ft. FDA/cGMP approved facility in Oxnard CA.
This is where Adam’s passion for biotech really began. His sports background allowed him to take this brand and bring in global icons around a strategic marketing plan activating the world’s most iconic athletes and celebrities. Adam developed this revolutionary technology in 2009. Using sublingual, buccal mucosal, and transdermal absorption directly to the bloodstream, by-passing the GI tract, Adam’s company Fuse Science completely changed the way consumers receive vitamins, electrolytes, nutrients, and medicines. Going direct to the bloodstream, bypassing the GI Tract, the platform technology was a game-changer. Adam self-funded this company privately for over 2 years, developing the product line and securing the IP. As Chief Executive Officer, Adam grew the company rapidly, seeing its market cap increase from $500,000 to over $100,000,000.
Adam put together one of the most impressive lists of athlete partners on the planet, signing Tiger Woods (including the rights to his bag for 5 years), Andy Murray, Tyson Chandler, Paul Pierce, Big Papi David Ortiz, Jose Bautista, Arian Foster, Paul Rodriguez, and many others. Adam’s deep-rooted relationships with the world’s top athletes and celebrities are his core group of friends along with business partners.
Adam's handpicked a Fortune25 management team, hiring the President of SC Johnson, CEO of Footlocker, Chief Scientific Officer for Johnson & Johnson, Clinical Director at Merck, Head of Duke Sports Medicine, and had over 100 employees. Adam brought Daymond John and Shark Branding in as partners as well. Adam has placed products in over 100,000locations, including Walgreens, CVS, Sports Authority, Dick’s, Duane Reade, 7-11, GNC, Walmart, Target, Costco, Vitamin Shoppe, and many others. Mr. Adler is currently managing The Adler Fund, investing in real-estate emerging growth companies with a focus on cybersecurity, cannabis, and biotechnology.