[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] 25 Tips to Prevent Law Firm Data Breaches


By Sharon D. Nelson & John W. Simek
Wisconsin Lawyer
Vol. 85, No. 11, November 2012

Another day, another data breach. Data breaches have proliferated with amazing speed. Here is the roundup of some of the largest victims in 2011 alone: Tricare, Nemours, Epsilon, WordPress, Sony, HB Gary, TripAdvisor, Citigroup, NASA, Lockheed Martin, and RSA Security. Some mighty big names on that list.

Don't be lulled into thinking that law firms (large and small) aren't suffering data breaches just because they don't have millions of clients affected. On Nov. 1, 2009, the FBI issued an advisory, warning law firms that they were specifically being targeted by hackers. Rob Lee, an information security specialist who investigates data breaches for the security company Mandiant, estimated that 10 percent of his time in 2010 was spent investigating law firm data breaches.

Matt Kesner, the CIO of Fenwick and West LLP, has lectured at ABA TECHSHOW and appeared on a podcast acknowledging that his law firm has been breached twice. As he has also noted, it is very unlikely that we know of most law firm data breaches because the firms have a deeply vested interest in keeping breaches quiet. This may be less true in the future now that 46 states, including Wisconsin, have data breach notification laws. But as of October 2012, there is still no federal data breach notification law.

Shane Sims, a security practice director at PricewaterhouseCoopers has said, "Absolutely, we've seen targeted attacks against law firms in the last 12 to 24 months because hackers, including state sponsors, are realizing there's economic intelligence in those networks, especially related to business deals, mergers, and acquisitions." Matt Kesner has noted that China is often responsible for state-sponsored hacking â but that China doesn't waste its "A" squads on law firms: because law firm security is so dreadful, the rookies on the "C" squads are good enough to penetrate most firms.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!