Are Law Firms the New Healthcare of Cybercrime?
If you told someone a secret, and they went around telling people your secret, would you tell them another secret? Of course not. If you told someone a secret and they accidentally told people your secret, would you tell them another? What if the secrets were insider information that could be why millions of dollars go to a hacker’s wallet instead of employees’ pension funds? The answer, of course, would be, Hell no.
That’s the main problem law firms face when they’re hacked. Not only does a hack tell other people that their information won’t be safe if they hand it over to a compromised law firm, but it also pushes away current clients who are afraid their information is already lost and that any more they give to the firm will fall into the hands of hackers. If that wasn’t bad enough, law firms handle extremely influential corporate clients whose leaked information could lead not only to lost money, but to outrage and even lawsuits. You’ve probably heard of the Panama Papers, which revealed all the offshore financial filings of the rich and powerful around the globe thanks to a hack at the law firm Mossack Fonseca. The hack’s fallout was so severe that Iceland’s prime minister resigned due to a conflict of interests revealed in the leak, and several other politicians were pressured to do the same. While the Panama Papers gave people around the world a glimpse of how the rich and powerful hide their wealth, not all law firm hackers have good intentions in mind. Just last December, three Chinese hackers accessed a New York international law firm’s email accounts and used the information they found to make over $4 million by simply discovering that a large biotechnology company was closing a deal soon. They also used insider information stolen from New York law firms to pull their money out of a stock before it dropped (earning them $1.4 million) and to buy stock in Borderfree before it was acquired by Pitney Bowes (earning them $841,000).
And it looks like the hacks won’t be stopping anytime soon. Last year there was a Chicago Business report that a Russian cybercriminal was targeting the top 50 law firms in the U.S. and two in England to steal their sensitive information for financial gain. Law firms not only handle private information, but valuable information too. That’s why any law firm with a lick of sense is scrambling to update its cybersecurity right now. Similar to the healthcare industry, law firms handle sensitive information every day, but unlike healthcare providers, they aren’t bound by the same rules when it comes to data breaches. Healthcare has HIPAA, which requires providers to protect medical records. If they fail, not only are they fined, but they are required to notify those affected by the breach and to help them prepare for the consequences. Law firms don’t play by the same rules since they don’t deal with consumers in the same way. While there are security standards for them to subscribe to, a law firm will not publicize a breach if it doesn’t have to, due to the bad publicity.
Law firms are under attack due to the sensitive information they handle, which means they can either get smart and take their cybersecurity seriously or risk losing the trust of their clients. Don’t think that just because you’re not one of the elite law firms you’re safe from the hacks either, because that’s exactly what hackers are hoping for. The less prepared you are, the easier they can get in and steal your information and clients. Don’t become a victim. Take your cybersecurity seriously.
This blog has been re-posted with permission from Craig Petronella