Note: An excellent article, and a serious subject... When is the last time your law firm had a Cyber TSCM sweep? Ever? Contact me, I can help. ~JDL
The dramatic rise in electronic economic espionage against U.S. corporations came into full view with a report on the trend issued by the U.S. government last November. That same month, the Federal Bureau of Investigation held a meeting in New York City with some of the weaker links in the online spy game: law firms.
It’s an issue that should be getting the attention of in-house counsel, especially as they share sensitive--and potentially valuable--data with outside counsel.
Rich with client information, law firms are often much less equipped to fend off cyberattacks than the corporations they represent. Ergo “a hacker can hit a law firm and it’s a much, much easier quarry,” Mary Galligan, head of the cyber division in the FBI’s New York City office, told Bloomberg. Likewise, in a series of blog posts on this issue currently running in Forbes, cybersecurity expert Alan Paller says: “The important files relating to clients’ international activities are usually much easier to find in the law firms’ files than in the corporate files.”
Digital risk consultancy Stroz Friedberg has advised both law firms and corporate clients on this growing problem. Firms need to take a risk-oriented approach to protecting client information, says company co-president Eric Friedberg, a former federal prosecutor and an expert in cybercrime response. At the same time, he says, there are important questions in-house counsel can ask about how their files will be protected (see Counsel’s Dozen list below).
“Attackers go where the money is,” says Friedberg. These days, law firms should assume that hackers will infiltrate their network, and they should identify which digital assets are most at risk and put the most security around those areas, he says.