A devastating hack can strongly affect any business, but is especially hard for law firms. Their reputation depends on how much their clients trust them, so having someone leak mountains of sensitive documents about their clients can ruin any law firm and destroy the trust clients put on them. This is why cyber security is so important for this industry.
David Kappos, a partner at Cravath, Swaine & Moore LLP, writing about law firms and cyber espionage last year, said:
“Trade secret theft costs companies billions of dollars every year. Traditionally, these crimes take the form of bribing, dumpster-diving or, as in one famous case, aerial photography. These days, industrial espionage is going digital, introducing new threats and magnifying the impact of established techniques. One study puts the cost of cybercrime at $24 — $120 billion in the U.S., and up to $1 trillion globally.”
Law firms are actually one of the most targeted entities in the world, and also one of the most vulnerable. Part of that equation makes sense: law firms have highly valuable information on file. This would be a goldmine for hackers, as the recent scandal of the Panama Papers exemplified.
Why Are Law Firms Vulnerable?
Not making as much sense is why law firms would be vulnerable. Like most industries, many law firms are having a financial crisis, making cyber security not the top priority. With this in mind, they tend to find the cheapest product available and go with it. Dozens of firms have experienced devastating breaches, causing them to prioritize purchasing cyber insurance.
John Sweeney, President and COO of LogicForce, a company that specializes in IT and cyber security in the law industry, explains why that happens:
“Many law firms lack the understanding to create a comprehensive budget for their IT ecosystem, one that is scalable and fits their economics. So, they take a piecemeal approach. The scary part is they are putting their client's electronically stored information, ranging from corporate trade secrets and valuable intellectual property to personal health records and banking data, at tremendous risk of being stolen every day.”
Other than that, research suggests that law firms are being targeted by state-sponsored cyber-criminal organizations. China and Russia both utilize information stolen from law firms to find out sensitive information. Mergers and acquisitions, bankruptcy filings, and other business dealings, are examples of what they want, to have unique advantages.
The fact is that lawyers necessarily have technological infrastructures that are enticing for hackers. Any given law firm has dozens of mobile devices, frequently transmits confidential information via email, USB flash drives, and other platforms. In addition, they have numerous employees who set their own passwords, use employee accounts, and have access to company servers. The whole picture taken together is a hacker's dream.
The solution for this issue is both legislative and technological. Legislatively, it will require cross-departmental cooperation within the U.S. government and a global commitment to establish enforceable laws. Technologically, the solution is to modernize the services offered to the legal industry up to the standards of other industries.
The individual platforms that lawyers use for many of their daily functions are powerful, but they lack cohesion. As Sweeney explains, this is something crucial:
“I usually find a mixture of hardware and software technologies with little integration, upgrade opportunity or financial discipline. Their approach to cyber security has been pretty much an afterthought, until recent highly publicized data breaches became a focal topic of the media.”
This Quora question, “why is legal technology so bad,” offers a question that law firms should be asking themselves. For the sake of their profits and our personal and sensitive information, there needs to be a worldwide reflection on this subject, in order to bring more safety to the tools used by law firms.