Byte of Prevention Blog

by Jay Reeves |

“We hacked your website and we’ve got data on you and your clients.”

Now that we've got your attention.

The mere thought of hearing those words is enough to wake you up screaming in the middle of the night. Just as frightening is the idea of sitting helplessly and waiting for it to happen.

Yet that’s what many law firms are doing.

“Attorneys are increasingly targeted by cyber attackers,” writes Sherri Davidoff of LMG Security. “Breaches occur because an employee clicked on a link in a phishing email, downloaded an infected software utility, or took some other action that gave hackers an easy opportunity. From there, hackers can take over your firm’s computers, gather confidential information, and then resell it to buyers around the world.”

Davidoff’s company does penetration testing for law firms and other businesses. The goal is to discover system vulnerabilities before the bad guys do.

In this ALPS blog post, she writes of testing done for one of the biggest law firms in the world. LMG was able to enter the firm’s network via the web portal. From there, it was a breeze to download client billing information, confidential case notes, usernames and passwords for every client in their database.

Don’t worry. The story ended happily. “Within an hour, the flaw was fixed, and our client had locked up their customers’ information,” Davidoff writes. “They also reviewed their logs and verified that no one had previously accessed it.”

Think You’re Too Small to Be Targeted For a Hack?
Think again. Seventy-five percent of hacks are random crimes with no specific target, according to a report from Verizon.

Financial information is what’s usually sought.

“In 2013, an Ontario law firm lost a six-figure sum from a trust account when a bookkeeper clicked on a link in a phishing email,” Davidoff writes. “Hackers monitored her keystrokes and captured the firm’s online banking username and password as she logged on.”

Sometimes the hackers don’t just use the purloined data – they sell it. One large firm conducted a forensic audit and found not only that their security had been breached, but that the information was being sold online by subscription. Several foreign companies and at least one government had already subscribed.

Checklist to Protect Yourself
The best way to reduce your risk of a cyber-breach is to be prepared and stay alert.

Here is LMG Security’s 14-Step Cyber Security Checklist for Attorneys:

  1. Use Strong Policies and Procedures
  2. Know Where Your Data is Stored
  3. Deploy Effective Antivirus
  4. Protect Against Spam
  5. Update Your Software
  6. Backup
  7. Encrypt, Encrypt, Encrypt
  8. Limit Your Staff Members’ Privileges
  9. Train Your Staff
  10. Vet Vendors and Third Parties
  11. Respond Quickly and Appropriately
  12. Keep Your Eye on the Clouds
  13. Get Insurance
  14. Test Your Security

Buy a Cyber-Liability Insurance Policy in North Carolina

Another smart move is to purchase cyber-liability insurance. Lawyers Insurance Agency – a subsidiary of Lawyers Mutual – is the endorsed provider of the NC Bar Association.

Contact Lawyers Insurance to learn more about cyber-liability protection in North Carolina.

Sources:

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts