Adam Adler

ENCRYGMA About How Cyber Attacks Damage Law Firms and Their Clients

Updated: Jul 5, 2021



GO DARK.

USE ANYWHERE.

LEAVE NO TRACE

SuperEncrypted Communications



DigitalBank Vault® provides sophisticated Digital Anti Surveillance technologies: military-grade encryption systems for ultra-secure anonymous communication (voice, video & text messaging) with untraceable file transfers & storage solutions



Losing Clients’ Sensitive Data

Hackers gaining access to their clients’ sensitive data is the stuff of nightmares for any sharp attorney today. Once hackers breach your security, they can steal your data and that of your clients to disastrous results, including gaining access to financial accounts.


Consider “the Panama Papers.” Panama-based law firm Mossack Fonseca (the world’s fourth-largest offshore law firm) suffered a security breach resulting in the leak of 2.5 terabytes of data in 2015. The repercussions ricocheted around the world when it was revealed the firm was involved in creating more than 200,000 shell corporations to evade taxes. The fallout included the resignation of Iceland’s prime minister and Spain’s Minister of Industry. If they cared about cybersecurity for law firms and took the necessary measures, they would not have suffered a breach.


In 2016, hackers breached the security of some of the most prestigious US law firms to gain insider trading information. Up to 48 law firms were affected, and it is estimated that the hackers used the confidential company merger information they gained to make over $4 million through illegal insider trading.

In the UK from 2016 to 2017, more than £11 million of client money was stolen by cybercriminals.


How Cyber Thieves and Hackers May Attack Your Law Firm

Cybercriminals can attack in a variety of ways. Here are just some of them.


Phishing

Phishing is when a message is sent, or an item is offered for download, that releases malware when the recipient clicks to open an attachment or download a file. Phishing attacks occur continuously, but here is one example. In 2012, hackers gained access to the computer of a bookkeeper of a Toronto law firm through a phishing ploy, probably through an email attachment or a free screensaver. The firm still doesn’t know for sure. Hackers were then able to record bank account passwords as the bookkeeper typed them. This gave them complete access to the firm’s trust account, which the firm used to wire funds to foreign countries. The firm lost six figures just over the December holidays. When we help law firms with cybersecurity, we always focus on security awareness for attorneys and all other firm employees. Cybersecurity for law firms requires good cyber awareness sessions to be effective.


Ransomware

Ransomware is increasing as a threat to law firms. Hackers encrypt a firm’s data and then demand to be paid in Bitcoins for the decryption key. Any size firm may fall victim. Ransomware usually enters a law firm’s systems through phishing.

In a well-known incident in 2017, global law firm DLA Piper, which positions itself as an expert on cybersecurity, was attacked by ransomware called Petya. The firm lost access to its data for a time and had no phones or email for three days. It lost access to old email for a considerably longer time.


Malware and Spyware

Hackers sometimes infect law firm computer systems with malware that spies on the law firm. Serious consequences of malware infection include loss of data and loss of data confidentiality.


The ABA Legal Technology Survey Report showed:


40% of respondents reported infections.

37% reported no infections.

23% reported they did not know.

Reported infections were:


Highest in firms with 10 to 49 attorneys (48%)

Lowest in firms of over 500 attorneys (20%)


Cryptojacking

Cryptojacking is relatively new. Thieves use software to hijack devices such as laptops and cellphones and convert them into cryptocurrency harvesting devices. When new communications technology emerges, it often presents new opportunities to hackers. It is up to the law firm to keep up to date on technology and protect against threats.


Law Firms Are Lucrative Targets for Cyber Criminals

Law firms become targets of hackers for some logical reasons.


One-stop shopping: If hackers can break into a law firm’s systems, they can gain access to sensitive and valuable data of not just one company but many – all the law firm’s clients.

Particularly useful information: Law firm servers may hold valuable information, from businesses’ intellectual property to medical records to government secrets. If you’re going to take the trouble to break in, it makes sense to hack where the rewards are worth the trouble.

Low hanging fruit: Many law firms have not adequately guarded themselves and their clients against cyber attacks.


As long ago as 2011, FBI representatives met with the 200 largest law firms to warn them that law firms are a prime target of hackers. As already mentioned, in 2016, the FBI warned that hackers were targeting large international law firms.


Encrypt in an unbreakable way:
Text Messages and Emails, Voice Messages, Audio Messages, Video, Images, Images and Video Files, All Types of Documents and Files
Unique Set of Encryption Algorithms for each individual client

Attorneys’ Cyber Standard of Care

Lawyers have been required to protect the confidential data of clients for quite some time. That’s nothing new. What has changed is how law firms must protect their clients in today’s climate of cyber threats. The commentary to Rule 1.1 of the Model Rules of Professional Conduct directs attorneys to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” A recent article on the ABA website says that, depending on various factors, law firms must “monitor network activity, review IT reports, and perhaps employ a chief information security officer (CISO) in developing, implementing, and maintaining appropriate cybersecurity programs.” Failure to do so could result in legal malpractice claims.


Steps to Protect Your Law Firm and Its Clients

Keeping your clients’ data and your own safe is an ongoing process that requires constant vigilance. There are many steps you can put into place, and the more you use, the safer your data is. This is an area for experts, so the following steps are just starting points.


Establish an Aware Firm Culture


Senior partners of the firm should make sure that everyone in the entire firm is invested in data security. They need to establish ongoing training about keeping data safe on all devices.


Keep Your Firm on Its Toes


It’s not enough to just train everyone in your firm and then forget it. You need to retrain regularly and test people. You may even want to send fake “phishing” emails to see who clicks on them. Of course, this would be followed by more training. Continuous training is an important key to cyber safety, yet only 46% of law firms have cybersecurity training formally documented.


Institute Formal Policies


A frightening 45% of law firms do not have formal cybersecurity policies. Without policies in place to protect your data, train your people, and respond if there is a breach, it is only a matter of time before your firm faces disaster.


Put Someone in Charge


If the size of your firm makes it possible, you will want your CISO to oversee your firm’s cybersecurity. If not, a firm executive could oversee it with the advice of the best cybersecurity experts you can find. 67% of law firms put cybersecurity management responsibilities on either IT Directors or Managers or some other non-IT executive at the firm. Don’t shuttle ultimate responsibility for keeping your firm safe to an IT manager.


Create Backup


Only 40% of attorneys who responded to the 2018 ABA Legal Technology Survey Report reported that their firms have a disaster recovery/business continuity plan. A good backup of your data can protect you from ransomware that holds your data captive and malware that destroys it. After all, they can’t ransom your encrypted data to you if you already have it all someplace else.


Use Good Antivirus Software


It’s not enough to just use antivirus software. Make sure your antivirus software is effective and keep it up to date.


Keep Your Software Current


Use the most current operating systems and software, and promptly install software patches. The Equifax breach happened because the company failed to install a software patch.


Limit Access


Give access to data only to those who really need it. Sometimes employees themselves can be a threat, and even if they are not, they offer just one more point where a hacker can penetrate.


Be Careful of File Transfers


Proper file handling should be part of your training. For example, you do not want people to download files onto a flash drive and walk out the door with them. If files must be transferred, they should be encrypted and password-protected. You may also want to use a Virtual Desktop Infrastructure (VDI) so files are not stored on laptops but only on a VDI server.


Secure Your Email: Really Secure Your Email


Insist that all email is sent only from firm accounts, which can be encrypted. You will need to enforce this policy because it is easy for attorneys to fall into just sending important information from their personal accounts when they are home on the weekend. Also, institute an email retention policy, so that only the email that is really necessary is still available.


Consider Outsourcing Your Cyber Security to Experts


If yours is not a very large firm, it’s highly doubtful that you have the kind of cybersecurity expertise in-house to give your data the most effective ongoing protection. And that doesn’t mean many of the largest firms necessarily have this kind of expertise either. To effectively protect your data yourself, you will need to set up a security operations center to inspect all your traffic, categorize it according to risk level, stop suspect traffic in its tracks and immediately repair the damage. Of course, a solid crisis management plan must also be in place in case your systems are breached. And that’s just the beginning.


Law firm cyber threats change constantly. You need real experts who keep up with them. And if you do bring in experts, make sure they focus only on law firms.


Conclusion

Law firms have made a lot of strides in taking measures to protect against cyber risks, but not enough. Law firms should regularly assess their risks. Most do not have the expertise to do that and should look for the most qualified outside experts they can find to advise them. Technology is constantly changing and so are security threats. Establishing good cybersecurity is an ongoing process, not a one-time or occasional event.


It’s time to prioritize cybersecurity: It requires professional expertise, sophisticated strategies, and complex technology. It is not an overstatement to say that today the future of your firm depends on providing yourself and your clients with strong, effective security against hackers and cyber thieves.

