Cyber-attacks in general are on the rise. In 2020 we witnessed security breaches at Solarwinds, Twitter, and Marriott and many other businesses. But hackers are no longer just focusing on the big giants. Today’s headlines include prominent law firms who are falling victim to cyber-attacks. Recently, we saw Jones Day law firm on the defense of a cyber-attack. Jones Day, who has many prominent clients including former President Donald Trump, had files stolen and posted on the dark web. But Jones Day is not alone, many law firms lack strong cybersecurity programs, thus making them prime targets to cyber-attacks.
Today, bad actors continue to scope out new targets. Law firms are an attractive target because of the sensitive data that they retain. Many law firms have access to highly confidential corporate data in addition to sensitive individual personal data. Law firms house highly sensitive information like financial data, corporate strategies, trade secrets, business transaction information, and other private information. In all these cases, law firms have both a legal and ethical obligation to protect their client’s data. As lawmakers attempt to enact legislation to protect consumer’s data, this ever changing legislative landscape is often difficult to maintain and implement.
Relying on in-house counsel or your IT department is not enough. To ensure your law firm is ready for a data breach, it is critical to have a cybersecurity attorney on retainer. IT security professionals are stretched thin. Many outsourced IT resources have multiple clients that they service. In an environment where we find a shortage of security expertise, recruitment and retainment of IT security staff is a challenge. They are often difficult to find and if you are lucky to have a dedicated IT security professional, rarely do they understand the law. State, local and sometimes international laws have specific legal requirements for the protection of private and privileged information, an IT team cannot manage on their own.