You have been or will be hacked. It is a matter of “when,” not “if.” In this fast-paced environment, technology and devices are constantly changing—making it difficult for a busy lawyer to stay apprised of the best methods of protecting her client’s information. But recent attacks on law firms, as well as revisions to the Model Rules of Professional Conduct, require attorneys to take notice, understand technology risks, and protect their client information.
Hackers Target Law Firms
Law firms represent easy targets because they typically have clients’ sensitive trade secret and proprietary information, and that information is usually less protected when it is at a law firm. For example, law firms store client information on a single network that is often far less secure than those of the corporate clients they represent. Lawyers often use passwords that are easily cracked. Lawyers are more likely to click on malware-infected phishing email links. And lawyers review sensitive information at unsecure Wi-Fi hotspots. Also, law firms are one-stop shops for hackers. According to the General Counsel of Mandiant, a cybersecurity firm, “[B]y targeting large law firms, hackers can obtain information about hundreds or thousands of companies by breaching a single network.” Mandiant estimates that 80 major U.S. law firms were hacked in 2011. Experts believe that law firm cyberattacks have and will continue to increase.