The American Bar Association (ABA) has put law firms on notice that they are prime targets for hackers. Harvey Rishikof, co-chair of the American Bar Association’s Cybersecurity Legal Task Force, described law firms as a “treasure trove” of attractive information.Law firms handle a variety of high-value information including intellectual property such as patents and trade secrets, insider information on corporate deals and mergers, details on accounts and executives, sensitive information regarding lawsuits, and personal information and other corporate data.
Cybercrime has largely evolved into an organized and profit-driven business that thrives on casting a wide net and exploiting the weakest members of the supply chain in order to obtain valuable information. Hackers often view a law firms’ defenses as weaker; with less resources dedicated to cybersecurity. And law firm management and staff typically lack awareness of the latest cybercrime trends.
Not only is there a legal and ethical obligation for firms to keep up with the cyber threat landscape and protect client data, but it is now quite often a client-driven demand. Firms with stronger cybersecurity practices are better positioned while those that lag behind may find their clients seeking out counsel that can provide more assurance.
In August 2014, the ABA adopted a resolution encouraging: “… all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations and is tailored to the nature and scope of the organization and the data and systems to be protected.” As they noted at the time, the resolution includes law firms.
Here are three ways law firms can begin to strengthen their cybersecurity posture:
- Protect access to data by using best cybersecurity practices
- Protect data in the cloud
- Risk awareness training
It is imperative that law firms begin to employ at least the basic security protections as well as develop an understanding of the cyber risks facing them and the potential pitfalls that may come as a result of a cyber-attack. Contact ACE IT Solutions 646.558.6358 for a cybersecurity assessment. We can evaluate your current infrastructure and advise on how best to secure your network from inevitable cyber attacks.