Very few law firms will publicly admit to a data breach. In recent studies conducted by Mandiant, a cyber-security firm, estimated that over 80 major U.S. law firms were hacked in 2014 alone.
Law firms constantly collect information about their clients and cases on a single network. And it’s ironic that those networks are far less secure than those of the larger corporations they represent in the court today. That’s because law firm employees unknowingly compromise their clients’ confidentiality when they post on social networks, use weak passwords, click on infected phishing emails, and review sensitive information at public Wi-Fi hotspots.
If you haven’t considered the risk these threats pose and taken the steps necessary to reduce that risk, your oversight may prove you costly.
The pace of reported data breaches has increased significantly over 2014 thus far, with roughly one-third of the reported breaches in 2014 targeting law firm businesses. With obtained data from the Open Security Foundation and the Privacy Rights Clearinghouse, has estimated that more than 740 million online records were exposed worldwide last year in 2013, which was the worst year for data breaches in history.
It’s not just the United States in the crosshairs.
This problem is not just happening on American soil. Law firms in Canada, and the United Kingdom has also been targeted for cyber-attacks. In 2011, Canada reported that four of Toronto’s major law firms had been breached by IP addresses that lead back to China. The attack that breached the law firms was called a “spear fishing” technique. The attack was carried through emails sent to a law firm under the e-mail address of their trusted partners. Unbeknown to the recipient, the e-mail contained an attachment that launched a malware which infected the law firm’s computers. A typical malware on an unprotected computer can stay hidden on a computer for months before any red flags can be raised. By the time you find the problem, the damage has already been done.
Do you feel like it will never happen to your law firm?
Although you may believe your firm is unlikely to be the target of a hack, such attitude may be the recipe for disaster. Hackers are constantly adapting and evolving with new techniques by looking for easy targets and sources of potentially valuable information. Why is this information valuable? If the data can be successfully used to steal identities, then hackers will use it to commit fraud for days, weeks or months before the identity theft is detected.
What Information are hackers looking for?
- Phone numbers
- Driver’s license numbers
- Social Security numbers
- Financial account information
- Medical and health information
- Physical characteristics and other biometric information
- And more…
How does it happen?
The most commonly reported cyber-attack experienced by law firms is that related to a physical loss or theft of a laptop, thumb drive, smart phone, tablet or other mobile device. These types of losses occur when laptops or mobile devices are stolen, a vehicle has been broken into, or just simply “lost.” With complete access to an office email account and other law office networks, such theft can create an open door for hackers to gain access and steal confidential information in a split second. You wouldn’t even know what hit you.
When meeting a client or stepping into the courtroom, preparedness and presentation are key factors to your success. If your firm’s technology is not as polished as you are, you may be losing business.
The tools you use (laptops, smartphones, phones systems, software) are all a reflection of you and your firm. CTI can provide your firm with practice management solutions by upgrading you to the right equipment to securely manage your cases from anywhere you have Internet access – from the courtroom, to meetings, or in your office.You can now seamlessly communicate with your clients on secured devices, have access to more accurate billing and time tracking applications, and most of all your sensitive data is properly secured.
Our unified communication solutions are cloud-based, allowing you access and management of your email, voice mail, and case files. At CTI we work closely with you to design the right system for your business, and help you keep pace with the competition