It’s no surprise to any business operating in this digital age that cybersecurity is a real and serious threat. But when people think of serious breaches, they usually recall banking, health care or tech companies as those most commonly struck by disaster. Law firms rarely come to mind.
In reality, law firms are the seventh-most vulnerable industry to cybersecurity threats, and they’re only creeping closer to the top. A recent study by security firm Mandiant found that 80 percent of America’s largest law firms have been hacked in the last five years.
When you consider the circumstances, it’s easy to see what makes law firms such easy targets. We live and work in a world where technology is constantly changing, and in which employees are increasingly working with flexible hours, spaces and devices. All of this makes it hard for a firm to design and consistently enforce its security measures.
Pair that with the mountains of sensitive information that law firms are sitting on: trade secrets, mergers and acquisition data, deal negotiations, personally identifiable information and much more. This makes them highly appealing targets for foreign governments, adversaries, intelligence entities and cyber criminals, whose hacking tactics are becoming more and more sophisticated.
On top of this, the industry’s defense is low, creating abundant opportunities for data loss and theft. Mary Galligan, head of the New York FBI’s cyber division, said that hackers see attorneys as “a back door to the valuable data of their corporate clients,” making lawyers the weakest link in a wide swath of the sector’s breaches. Additionally, less than half of America’s 100 largest firms have taken measures to handle data or information security risks—for instance, 34 percent of lawyers say their firms allow them to connect their mobile phones and tablets to the firm’s network without restrictions, making it easy to hack into an attorney’s device should it be stolen or misplaced.
As health care and financial institutions beef up their cyberdefense strategies and tactics, law firms are becoming much easier prey for malicious actors. With the already enormous threat of cyberattack looming over the industry, it’s imperative that all law firms devise and implement comprehensive defenses against cyber crime—because those hackers aren’t going anywhere.