Posted on September 12, 2023
Law firms are known for conservatism, discretion and an ironclad commitment to protect their clients. It is therefore surprising that law firms are not always at the forefront of cybersecurity when it comes to protecting the sensitive data they hold from breaches and cyberattacks.
The most infamous data breach involving a law firm occurred in 2016. Mossack Fonseca, a Panamanian firm, specialized in helping other lawyers and investment advisors create offshore shell companies designed to shelter wealthy individuals’ bank accounts, real estate, private jets and luxury yachts from tax authorities. When over 11 million Mossack Fonseca documents were disclosed to journalists, the repercussions were global. Iceland’s prime minister resigned when it was revealed that he had millions in Icelandic bank bonds stashed in offshore companies while his government was negotiating with the banks’ creditors. The prime minister of Pakistan was disqualified by the country’s supreme court after it was discovered he had shell companies holding millions of dollars in London real estate. Mossack Fonseca never recovered from the negative publicity and shut its doors in 2018.
It was never determined whether the leak was the result of a hack or an insider’s work. Either way, the firm’s cybersecurity clearly was not commensurate with the sensitivity of the information that the firm handled.
More recently, Orrick, Herrington & Sutcliffe was slammed with a class action lawsuit for a data breach in which sensitive personal information was disclosed. Over 152,000 individuals who were insured by Delta Dental and EyeMed Vision Care – Orrick, Herrington & Sutcliffe clients – were impacted by the breach. The lawsuit claims:
In short, thanks to Defendant’s failure to protect the Breach Victims’ Personal Information, cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals.
In an article on Cybersecurity for Law Firms, the American Bar Association posits some powerful reasons why law firms are popular targets for cybercriminals:
As the ABA put it, “more data + easier access = prime targets.” Why wouldn’t a cybercriminal give law firms a try?
While the opportunity law firms present to cybercriminals may be unusually attractive, the methods by which they are typically attacked are depressingly familiar. Attack vectors that can cause headaches for law firms include:
Given that law firms hold sensitive data about numerous companies and individuals, it only makes sense for law firms’ cyber defenses to be at least as strong as those their clients deploy, if not even stronger.
The corporate world is rapidly transitioning to Zero Trust cybersecurity, which treats every user, every website, every transaction as potentially dangerous. Zero Trust security solutions restrict user access to data, apps and app functionality to the minimum they require to get their work done. And they require all resources to be authenticated and validated as safe before enabling access.
Ericom solutions make Zero Trust capabilities easy to implement; they are easy to manage and integrate easily with existing security stacks. Solutions include:
Websites launched from links within emails can be opened in “read-only” mode to prevent users from sharing credentials on spoofed phishing sites. Content Disarm and Reconstruction sanitizes all attachments within the cloud before downloading them to the user device.
Within the Ericom cloud, WAI applies policy-based controls to enforce least privilege access and prevent exfiltration of sensitive data, as well as airgapping networks, data and applications from user devices to prevent malware infection.
Law firms are attractive targets for cybercriminals because they hold a wealth of valuable information from multiple clients in an IT environment that may be less secure than the networks of the clients themselves. By moving to state-of-the-art Zero Trust cybersecurity, law firms can rest assured that their clients’ confidential data is just as secure as it is on the clients’ own networks and in their applications.