Extract from Aidan Macnab’s article “How to Improve Digital Data Security in Law Firms”
Product information, banking details, customer lists, intellectual property – because of the sensitive information they hold on their clients, law firms are an attractive target for hackers and cyber criminals.
When George Socha began practising law in the late ‘80s, if a law firm had a computer system, it was secure by nature of its simplicity. “There was little opportunity to get at that data,” he says. “You would need to break into a server room, physically connect to that server in that room and get the data that way.”
As the technology advanced and law firms moved more and more online, there has become more and more opportunity for cyber crime. And as people develop advanced protective mechanisms, others keep devising new and creative methods to overcome them, which the first group then learns how to anticipate and prevent, and the cycle continues. “It has been a cat and mouse game all along the way,” says Socha, who is a lawyer, ediscovery expert and senior VP of brand awareness at Reveal.
Hackers may want to steal a law firm’s data to sell it to third parties or to hold it hostage until a ransom is paid. In Clio’s “2022 Law Firm Data Security Guide: How to Keep Your Law Firm Secure,” author Teresa Matich suggests firms protect themselves with an incident response plan.
She recommends that such a plan covers the following bases: “Contain the damage and begin any recovery protocol; Connect with a data breach expert; Notify your insurance provider; Report the incident to law enforcement; Ensure all third parties are notified; and make compliance a top priority.”