Protecting personal information is important for everyone these days but law firm security needs to be even more stringent. Law firms deal mountains confidential information which they are legally required to secure for their clients.
Rule 1.6 – Confidentiality of Information from the American Bar Association reads:
“ A fundamental principle in the client-lawyer relationship is that, in the absence of the client’s informed consent, the lawyer must not reveal information relating to the representation. “
For more specifics on this law can be found here.
A breach of confidentiality can open you up to a costly malpractice suit from your former client. A costly settlement or other monetary damages found appropriate during a civil case is just one of several possible outcomes. Depending on how negligent the breach of information is found to be it this could lead to disbarment or even criminal charges levied against the firm.
Here are some high profile instances when law firm security led to a breach of client confidentiality:
1. Location: Panama City
Often referred to as the “Panama Papers”, this situation led to more than 11.5 million documents leaked to the public. Panama-based law firm Mossack Fonseca were the ones to blame for this PR disaster.
Over 2.6 terabytes of data were leaked to the public. This sear volume of information equates to more content than the Edward Snowden National Security Agency leaks and the 2010 WikiLeaks documents combined.
After the International Consortium of Investigative Journalists read through thousands of documents it became clear the extent of this tax-evasion scheme. This law firm helped create more than 200,000 shell corporations for the purpose of evading the IRS and other international organizations.
The implications of this case were extensive. The Iceland Prime Minister Sigmundur David Gunnlaugsson had to resign after fraud accusations. The Spanish Minister of Industry Jose Manuel Soria also resigned after the details of his family’s offshore accounts became apparent. This information also led to Uruguay arresting five individuals associated with money laundering for several Mexican drug cartels.
2. Location: New York City
On March 29, 2016 the Wall Street Journal reported one of the biggest insider-trading schemes to date. This information was exposed when hackers broke into the files of the large law-firms: Cravath, Swaine & Moore, and Weil Gotshal & Manges while during the merger process. Although this information wasn’t originally released by the Manhattan U.S. Attorney the information was able to be matched up with several news media outlets to confirm who was affected.
These law firm security hackers were linked to three foreign nationals who used this stolen information for insider trading. They were able to profit from these informed trades for more than $4 million dollars.
3. Location: World Wide
In February 2016 a Ukraine-based hacker Oleras was advertising his services on a Russian website. This prompted an alert which went out to 46 law firms in the United States and two law firms in the U.K. The Wall Street Journal reported that this hacker was associated with the March 2016 breaches which exploited several major law firms.
4. Location: London
On Feb. 24 and 26 of 2014 the U.K. firm Thirty Nine Essex Street fell victim to a cyber-attack. The technology consulting firm Booz Allen Hamilton reported that the attack was most likely the fault of the Russian state-sponsored group Energetic Bear. This group has also been linked to hacking several utility companies in the United States and Europe in 2014.
5. Location: Toronto
In December 2012 a Toronto-based law firm was hit with a computer virus. This virus was able to steal six-figures from the firm’s trust account. The hackers were able to obtain the appropriate passwords after installing a Trojan horse virus. With these passwords they able to get into the firm’s bank accounts and transfer off money.
6. Location: Washington, D.C.
In 2012 Wiley Rein, who is one of the largest law firms in Washington, D.C. fell victim to a cyber-attack. Although not of all the specifics are clear experts believe this attacked to be the fault of Chinese state-sponsored operatives. Bloomberg News believes the hackers wanted as much information as possible regarding SolarWorld who Wiley Rein was representing. SolarWorld is a German-based manufacturer which produces solar panels. Both Wiley Rein and the SolarWorld’s computers were hacked at about the same time which indicates that the manufacturer was most likely the main target of this attack.
The main issue with all of these attacks is one of protection. Somewhere along the way, there was an opportunity that the hackers were able to exploit and they very well could have been a simple one. Once this hole in security is found however they made short work of ruining these firms reputations. Decades of credibility can evaporate after a large scale attack like these. Don’t allow lax law firm security allow you to be a hacker’s next victim.
Steps to Take
1. Delete Suspicious Emails
Opening an email from an obscure or suspicious source isn’t safe. Opening links contained in those emails is even more dangerous. Occasionally even email addresses on your contact list will be hacked. If somebody you speak regularly has emailed with something out of character it might be best to delete it. Those emails might contain dangerous links and risky content which might exploit your personal information or computer.
Using antivirus will prevent many malicious programs from ever getting a chance to cause you problems. Many software companies will offer you free alternatives to their paid software. However, that software will either load you up with ads or become so annoying you upgrade to the premium version. Sometimes the premium version will have additional features or protection as well which will make it even more worth it. Windows Defender shouldn’t be your first and only line of defense. A supplemental antivirus is a major way to stay safer on the internet.
3. Employ Security Professionals
It is imperative to hire qualified IT professionals who have experience dealing with security breaches. Different problems arise depending on if it’s a phishing attack, a virus, or an active hacker in your system. With growing companies security often becomes an afterthought and the proper precautions aren’t taken. Unless you wish to employ one or more employees who sole job it is to keep up to date with current threats, outsourcing is a great option.
If you feel uncomfortable or lack the knowledge to ensure that your firm doesn’t fall victim to similar attacks, Rush Tech Support can help. Give us a call at 844-880-7874 so one of our trained technicians can evaluate your specific situation and create an appropriate protection plan tailored for you.