With cybercrime-related problems showing no signs of stopping, whether legal firms will be affected moves from if into the realm of when. Nobody expects that he or she will become a victim of cybercrime, creating a culture of damage-control where firms focus on mitigating the damage of breaches rather than initial prevention.
Legal Firms at Risk
The senior director of information security at LexisNexis, Jeffrey Norris, highlighted the two biggest reasons that law firms are in danger of breaches:
“The criminal element has performed direct attacks on organizations at a growing pace going back to at least 2012 […] it’s now becoming understood that it’s easier to go after a third party to gain access to these organizations,” he said. “…The spotlight has swung towards law firms due to security concerns of how they handle the data they’re entrusted with.”
Aside from the ease of targeting third-party legal firms, Norris spoke to the variety of data held by these firms, which often includes personal information, corporate merger details, intellectual property claims, and privileged legal data. “It becomes a realization they may have a treasure trove of data outside of the primary organization that’s being targeted,” said Norris.
Steps toward Security
With nearly 80 percent of the biggest legal firms facing hacking-related problems since 2011, the need for increased regulation of third-party vendors is clear. Fortunately, the concerns voiced by IT professionals and network administrators on the risks of online data usage have not fallen on deaf ears. New York State Department of Financial Services (NYFDS) Superintendent Benjamin Lawsky recently acknowledged the vulnerabilities faced by third-party legal firms and his commitment to stricter cybersecurity protocols
However, Lawsky noted that “[while] banking organizations appear to be working to address the cybersecurity risks […] progress varies depending on the size and type of institution.”
Increasing the transparency of cybercrime-related issues is a tall order for an industry that relies on client confidence and security of information, but five Am Law 100 and Magic Circle firms are taking initial steps toward this goal. The alliance between these firms promises increased sharing of cyber-security threat information and opens a dialogue between industry partners that face the same challenges.
While there is still plenty of work to do, this is an encouraging step in the right direction for legal firms who acknowledge that cybercrime is a threat they can no longer ignore.
Written by Desh Urs
As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.
Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.