Whitepaper: Rise of Law Firm Hacks Leads to More Scrutiny From Corporate Clients
Third-Party Cybersecurity Assessments Help Manage Risk
Karen Hornbeck, Consilio
Last year was a lightning rod for law firm cybersecurity breaches. In March 2016, the FBI warned of “a financially motivated cybercrime insider trading scheme” that was targeting “international law firm information used to facilitate business ventures.” That month, it came to light that several major American law firms had also been hacked in 2015. In one case, three hackers used the stolen information to net more than $4 million in an insider-trading scheme. Meanwhile, Panamanian law firm Mossack Fonseca was targeted by an anonymous source that leaked over 11 million documents to a German newspaper. The contents of the so-called “Panama Papers,” published in April 2016 by the International Consortium of Investigative Journalists, created numerous, sometimes career-ending scandals for the firm’s roster of high-profile clients, many of whom sought to avoid tax liability through inventive means.
But even with these highly-publicized incidents, too many law firms still lack adequate cybersecurity measures to effectively prevent breaches. A 2016 survey by the American Bar Association revealed that one in four small law firms (10 to 49 attorneys) and large firms (more than 500 attorneys) have suffered data breaches; 20 percent of firms with 100 to 499 attorneys reported breaches as well. It is time for corporate law departments to scrutinize their outside counsel’s systems, processes and vendors for vulnerabilities and mandate the closure of data-security gaps. Otherwise, they risk becoming the next victims.
Third-Party Cybersecurity Assessments Help Manage Risk
Karen Hornbeck, Consilio
Last year was a lightning rod for law firm cybersecurity breaches. In March 2016, the FBI warned of “a financially motivated cybercrime insider trading scheme” that was targeting “international law firm information used to facilitate business ventures.” That month, it came to light that several major American law firms had also been hacked in 2015. In one case, three hackers used the stolen information to net more than $4 million in an insider-trading scheme. Meanwhile, Panamanian law firm Mossack Fonseca was targeted by an anonymous source that leaked over 11 million documents to a German newspaper. The contents of the so-called “Panama Papers,” published in April 2016 by the International Consortium of Investigative Journalists, created numerous, sometimes career-ending scandals for the firm’s roster of high-profile clients, many of whom sought to avoid tax liability through inventive means.
But even with these highly-publicized incidents, too many law firms still lack adequate cybersecurity measures to effectively prevent breaches. A 2016 survey by the American Bar Association revealed that one in four small law firms (10 to 49 attorneys) and large firms (more than 500 attorneys) have suffered data breaches; 20 percent of firms with 100 to 499 attorneys reported breaches as well. It is time for corporate law departments to scrutinize their outside counsel’s systems, processes and vendors for vulnerabilities and mandate the closure of data-security gaps. Otherwise, they risk becoming the next victims.