Those who have had a security breach, and those who will.

[metoc15411]

This may be due to the fact that 89% of attorneys surveyed use unencrypted and unsecured emails by default when communicating with clients.

Hackers know this , and are increasingly targeting law firms to steal intellectual property and trade secrets. This information is incredibly valuable on the black market , according to Daniel Garry, founding editor of the Journal of Law & Cyber ​​Warfare . Garry told TribLive that assets such as corporate financial statements, proprietary software code, industrial designs, and emails fetch high prices on anonymous websites. It also has some pretty obvious benefits for opposing counsel. There’s also the threat that hackers will reveal information about corporate deals that are still in the works.

Patrick Fallon Jr. is the FBI's assistant special agent in charge of the Pittsburgh field office. He warns lawyers that computer attacks on law firms happen every day. He fails to mention that hackers aren't always illegally intercepting personal information. Sometimes it's government agencies. As the New York Times reported , an Australian intelligence agency was caught last year working with the NSA to intercept communications between lawyers at Mayer Brown, a major Chicago law firm . The American Bar Association wrote a letter to the agency reminding them that they are bound by attorney-client privilege.

It’s hard to say how common cyberattacks on law firms are overseas chinese in canada data however. As the New York Times explained , the firms’ limited direct interaction with consumers exempts them from requirements to publicly report a breach, as a bank or retailer would. But even with that limitation, security consultancy Mandiant estimated that 80 percent of the 100 largest U.S. law firms had malicious computer breaches in 2011.

Laurie Hoffman, chief information officer at law firm Goodwin Procter LLP, told the Wall Street Journal, “Our external websites are probably attacked 400 to 500 times a week” by third-party bots or denial-of-service attacks. “This type of activity is the new normal, and it’s hitting everyone.”

Large corporate clients are worried. As the threat grows, they are demanding more from their law firms to prevent breaches of confidential information, according to the New York Times.

Wall Street bankers, continuing their long tradition of not messing around, are making their firms fill out 60-page questionnaires about what they do to protect their private information. That wouldn’t be necessary if lawyers weren’t still carrying sensitive information on insecure thumb drives, using unencrypted email on unsecured iPads and using shared networks in cybercrime-heavy countries like Russia and China. The Wall Street Journal reports that background checks and security best practices are becoming routine as banks like JP Morgan Chase & Co., Morgan Stanley, Bank of America Corp. and UBS AG seek advice. They’re asking companies to show them their computer systems to learn what technology they use, who has access to their data and even making on-site visits to confirm security. In some cases, failure to comply has led banks to pass on a firm, limit work or change firms.

“Law firms can no longer afford to treat cybersecurity as an afterthought,” Clio’s social media and communications coordinator Derek Bolen wrote to me. “Law firms have incredible amounts of sensitive client data and are behind in implementing modern security standards, making them easy targets. Unfortunately, ‘data security’ is rarely part of the law school curriculum, and since roughly 50% of lawyers in the U.S. practice in solo or small firms that don’t have an on-site IT department dedicated to data security, the onus is on these lawyers to ensure they are knowledgeable about cybersecurity practices.”

Cybercrime is risky and expensive. Hackers won’t bother if law firms don’t have valuable data. It’s time for companies to build a security infrastructure that will equal or exceed the threat. The following post offers specific suggestions for reducing vulnerability to attack.

Conclusion
Law firms are becoming an increasingly vulnerable point in corporate data security. Hackers want access to client data, payment information, email, intellectual property, and trade secrets stored on law firm servers. In the next part, I’ll share specific steps to help close the gaps in your company’s digital data security.

Looking for law practice management software? Check out Platforms' list of the best law practice management software solutions .