From Kathy O’Brien, writing in the National Law Review:
In March 2016, the FBI warned that hackers were targeting large international law firms to steal confidential client information and use it for insider trading, corporate espionage and other criminal purposes. Are law firms any more secure now? And the bigger question: Are they prepared to handle a cyber event?
As more and more clients send cyber due-diligence questionnaires to outside counsel to confirm that their sensitive information is secure, law firms have shored up their defenses, but a recent report by Logicforcefound that is just not enough. Of the 200 law firms surveyed for their Q1 2017 Law Firm Cyber Security Scorecard, every one was targeted for confidential client data in 2016–2017, and approximately 40% did not know they had been breached. The report also found that the size of the firm made no difference: Large and small firms alike were targets. Logicforce’s Q4 2017 Law Firm Cyber Security Scorecard didn’t note much improvement by the end of the year. In fact, 48% of law firms had their data security practices audited by at least one corporate client in the past year.
With these jarring statistics, it is only a matter of time before another law firm is hacked. When it happens, will that law firm be prepared to mitigate the reputational damage that will inevitably follow? As with any crisis, a law firm’s business and reputation hangs in the balance after a cybersecurity breach. If it’s handled well, though, a firm can regain trust and rebuild its brand. Here’s how.
For the rest of this article, click here.