The legal sector has become the new trending target for a wave of cyberattacks as more organisations are attacked for sensitive data. Legal entities throughout 2016 were at greater risk of a data leak/breach than any previous year. Law firms were amongst the top targets for cyberattacks with 73 out of the 100 Top UK law firms being targeted, a figure growing by 60% over the last two years. In the United States cyber attack rates were similar with 80 percent of United States’s top 100 law firms becoming victims of a breach.
These cyberattacks underscore what many in the American and British legal sectors have been reluctant to accept: law firms represent the latest target for cybercriminals. Despite increasing regulations, the incentives are too high to be ignored.
According to John Browning at DMagazine, “more corporate entities are falling prey to schemes as simple as “phishing” tactics or as sophisticated as a coordinated cyberattack, exposing client data that could include sensitive financial information, market-influencing mergers and acquisitions intelligence, and IP from a patent filing”. With cybersecurity regulations coming into effect, and client knowledge of cyber threats increasing, law firms need to put sufficient measures in place to secure their corporate information. Cyber crime statistics won’t improve in 2017, or even remain the same, data breaches will continue to rise.
Why are law firms easy targets?
In 2015, an American Bar Association survey revealed that even though one in four firms with at least 100 lawyers had fallen victim to a breach, nearly half had no response plan. “Most lacked security measures beyond rudimentary tools like firewall software, spam filters, and virus scanners.”
Essentially all lawyers now access email, and talk to clients or colleagues away from their offices using smartphones, laptops or tablets. The 2016 Legal Technology Survey Report by the American Bar Association expressed that “Respondents report an overall use of encryption of smartphones by only 16%”. With a figure this low it is no surprise that data breaches and corporate leaks are, especially amongst law firms, on the rise. Law firms and lawyers, judging by recent reports are still not aware about the importance of encrypting and securing all of their communications. While 98% of lawyers have a password on their laptops, only preventing access, ABA express that “only 19% encrypt their laptop hard drive”.
These figures are concerning considering more legal work is being carried out outside of the office on personal devices with little to no encryption methods in place. The confidential client data in emails, files, and other communications that are stored and transmitted by corporate laptops, smartphones and tablets are not being protected in the manner it should be. In fact, only 43% of lawyers reported having a mobile technology policy for their firm, meaning the majority of law firms don’t have a policy for how mobile devices should be used, as well as how client data should be stored and transmitted upon them.
According to cybersecurity and data protection attorney Shawn Tuma of Frisco’s Scheef & Stone, “lawyers are under significant pressure to do things quickly and efficiently” making it difficult for cybersecurity teams and IT departments to install security systems, thus explaining the poor results above.
Since as far back as 2012, the American Bar Association are taking extreme efforts to update their rules of professional responsibility, requiring lawyers to make “reasonable efforts” to prevent the disclosure and unauthorized access to client information. As recently as April 2016, a New York real estate lawyer was sued by her two clients for allegedly neglecting to protect them from hackers who stole $1.9M. The individual trusted that her communications would be safe by using an AOL email account to communicate confidential information with her clients. The use of this email was “notoriously vulnerable” which allowed hackers to breach the information and steal the funds for the purchase of a property.
Patrick Hill, a partner at DAC Beachcroft and head of the firm’s professional risk team, said: “You can see a big reputational threat to law firms on the wrong end of these data breach incidents. If you are a major law firm, the ability to ensure your clients’ data is kept confidential is absolutely key to your standing.”
With the stakes becoming higher every year and the cost of data leaks and breaches on the rise, why aren’t organisations taking their cybersecurity needs seriously? Law firms are becoming increasingly reliant on new technologies to stay relevant in the modern world. These changes bring new opportunities and threats within the legal sector. With increased scrutiny into client confidentiality, communications between lawyer and client can often be one of the most disrupted elements within a legal case. The availability of enterprise communication tools enable law firms to protect their clients’ information through the use of secure communication solutions such as EQUIIS.
Protect your clients. Protect your practice. Secure your communications.
EQUIIS Technologies Switzerland AG was founded by a group of mobile and encryption entrepreneurs and pioneers with a shared history working with some of the world’s largest enterprises and telecommunication operators. We share a vision of bringing to market a cohesive, purpose built end to end secure enterprise communications platform with proven encryption technologies. EQUIIS is headquartered in Zurich, Switzerland, for more information visit www.equiis.com.