[BreachExchange] Why You Need Law Firm Data Breach Response Plan

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 9 19:25:15 EDT 2016


http://www.natlawreview.com/article/why-you-need-law-firm-data-breach-response-plan

Hacking was once again prominently in the news when it was announced right
before the Democratic National Convention that Democratic Party emails had
been compromised. This comes after an incident earlier this year when it
was announced that hackers broke into the computer networks at a number of
well-known law firms, including Cravath Swaine & Moore LLP and Weil Gotshal
& Manges LLP, which represent Wall Street banks and Fortune 500 companies.

Sadly, we have grown accustomed to, and possibly numb from, the almost
weekly announcements that major corporations, organizations and government
agencies have been victims of cyberattacks. The potential vulnerability of
law firms is raising concerns among their clients, who are conducting their
own assessments of the firms they hire.

Law Firms in the Crosshairs

Law firms now recognize that cybercriminals are constantly looking for easy
targets and sources of potentially valuable data that can be used to steal
identities. Since law firms act as warehouses of extremely sensitive client
and employee data, they are prime targets for cyberattacks. In the new,
highly connected reality we operate in, law firms must consider the risks
these cyberthreats pose and take the data protection steps necessary to
reduce those risks. Otherwise, the oversight may prove costly.

It should be noted that, historically, most data breaches experienced by
law firms are related to the loss or theft of a laptop, thumb drive,
smartphone, tablet or other mobile device that contains sensitive client
information. Such theft can be an open door for cybercriminals to gain easy
access to a firm’s corporate network and steal confidential information.
All that said, cybercriminals are much more savvy than ever before and have
developed means of hacking into protected networks without using a piece of
the organization’s hardware.

For example, according to a March 19 article in the Wall Street Journal, in
February of this year, “a posting appeared on an underground Russian
website called DarkMoney.cc, in which the person offered to sell his
phishing services to other would-be cyberthieves and identified specific
law firms as potential targets. In phishing attacks, criminals send emails
to employees, masked as legitimate messages, in an effort to learn
sensitive information like passwords or account information. As a result,
security firm Flashpoint issued alerts to law firms in January and February
about the threats and has acquired a copy of a phishing email that is aimed
at law firms, according to a person familiar with the alerts.”

Communicating a Data Breach

Since no one can fully prevent the risk of a data breach, it’s important to
have a crisis communication plan in place to inform stakeholders in case
one occurs, and the media should they cover the story. The goal of the plan
should be to address the situation as quickly as possible and restore trust
with stakeholders. Tactics should include:

Identify a spokesperson for the firm.

Prepare written statements for employees, clients and media.

Craft message points for any media interviews.

Call key clients to inform them personally of the breach.

Post a statement on the firm’s website where it can be found easily.

As for the media, law firms should avoid the instinct to take a “head in
the sand” approach. The conversation in the media, especially over social
media, will take place whether you participate or not. It’s important to be
honest and direct when telling your story. This will allow the law firm to
better control the narrative.

The risk of your law firm’s computer network being hacked can never be
completely eliminated. As the threats continue to increase, it’s critical
to create a crisis communications plan to mitigate the fallout and reduce
the likelihood that it will have a long-term negative impact on your firm’s
reputation or bottom line.