When Luddites Handle Cyber Security, You End Up With American Law Firms

Law firms are the biggest threat to cyber security out there. Wise up folks!

Cyber security is all the rage this week, with President Obama announcing that he’s working on a new cyber war plan and the Internets freaking out that the Super Bowl blackout was really a Chinese hacking effort.

Some of you probably assume the ATL front page was hacked this week. Don’t worry though…we made all those problems ourselves.

Cyber attacks on U.S. businesses have increased dramatically as savvy hackers look to steal financial and intellectual assets from computer systems. The smartest cyber criminals have even figured out the best way to get what they want is to avoid the target corporation entirely and aim straight for their law firm — the soft underbelly of American cyber security…

And for good reason, while corporate America and the military contemplate advanced security systems and detailed retaliation plans and elaborate encryptions, law firms are still falling for the Nigerian Prince scam at an alarming rate. And sometime soon, this is going to turn into a major legal liability for some poor firm.

Don’t law firms know that Nigeria doesn’t have princes?

I guess we shouldn’t be surprised by an industry that thinks “Africa” is a country.

Sponsored

OK, Nigeria has the Kano Emirate…that’s a kind of royal family, but you know what I mean.

Let’s face it, lawyers aren’t the most technologically savvy bunch. It’s not uncommon for firm leadership to harbor one or two partners who still have their emails printed out for them and then dictate their responses to a secretary. The idea that a massive investment in the firm’s technological infrastructure and constant monitoring boggles their mind.

And hackers have figured this out. Probably from Boston Legal reruns. Some, like Joseph DeMarco are blaring the warning klaxon for corporate counsel.

“The challenge for general counsel is to first understand the magnitude of the threat, the persistence of it, and the fact that it is not only directly against their company, but also indirectly through the company’s outside consulting companies, accountants, and lawyers,” he told CorpCounsel.com Monday.

DeMarco, an ex-assistant U.S. attorney in Manhattan, explained that it’s not uncommon for someone targeting a company’s intellectual property to steal it from firms that the company consults with, such as its law firms. He calls them “downstream victims.”

When you think about it, this is painfully obvious. Law firms handle oodles of corporate secrets on often antiquated computer systems. The threat is particularly acute at small firms without the resources for IT departments or constant upgrades. If you’re still running Windows 95, you just might have a problem.

Sponsored

Meanwhile, hackers have become so complex they can completely commandeer smartphones with one careless click of a fake software update. The FBI keeps a very helpful list of the e-scams on its radar at any given moment. It’s worth perusing and then spending an hour in sheer terror that you’ve already unwittingly sent your client’s patent designs overseas.

But cyber attacks, like most events in this country, can spawn lawsuits — against the victimsCraig Newman and Daniel Stein of Richards Kibbe & Orbe warn:

With cyber attacks on the rise, prosecutors, regulators, and the plaintiffs’ bar are all gearing up to hold corporations responsible for the inevitable losses caused by cybercriminals. And, with more confidential information, including trade secrets and other competitively sensitive material, flowing through the Internet to corporate servers and even to the cloud, the risks for corporate America increase each day. In fact, for every reported cyber attack, experts estimate that there are an additional 100 attacks that are never even detected.

What some corporate executives and their boards may not fully understand is that a cyber attack will put them in the crosshairs of potentially devastating legal challenges. Even more unsettling is the large number of scenarios in which a corporation is vulnerable to such risks, and the range of individuals and businesses that may be entitled to take legal action.

And all this liability will trickle down to the law firm identified as the source of the leak.

Insurers are creating new policies to protect law firms from third party liability claims arising from getting hacked and losing client data, but a lot of firms haven’t gotten the clue yet.

Cyber coverage at law firms “is a huge hole right now,” says Jim Rhyner, worldwide specialty E&O product manager and specialty law firm practice leader for the Chubb Group of Insurance Cos. in Warren, N.J. “There’s a lot of education going on in the marketplace right now about what the exposures are and how to protect against them.”

Well that’s super. I’m often skeptical of insurance companies explaining how essential an insurance policy may be, but this time I’m pretty sure they’re right. If you have any influence over your firm’s insurance coverage, you should probably look into this before the hackers knock down your 10-year-old firewall.

And while you’re at it, maybe improve that firewall.

New E-Scams and Warnings [FBI]
Calling General Counsel to the Front Lines of Cybersecurity [Corporate Counsel]
Trial Attorneys on Cyber Attacks [Regulatory Cyber Security: The FISMA Focus IPD]
Cyber Liability Emerging As Top Concern In Lawyers’ Professional Liability Market [National Underwriter]