Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

Law Firm Hacks Abound – Do You Think You Are Immune?

Written by: Cameron G. Shilling

Published in NH Bar News (2/17/2021)

Hackers are intentionally targeting law firms, and are likely to continue doing so for the foreseeable future. Headlines have exposed recent breaches at some large and prominent firms, like Goodwin Proctor, Seyfarth Shaw, Cadwalader, and Peabody & Arnold. But, it would be a mistake to believe that hackers targeted only those types of firms. The lists maintained on the websites of the Attorneys General for New Hampshire and Massachusetts reveal that hacks of small and medium sized firms are far more common and damaging.

No firm is immune from cyber threats. Small and medium sized firms are just as valuable targets, and generally more vulnerable. As trusted counselors, we all possess sensitive, personal, and privileged client information. For example, the rosters of breaches noted above show that the targets cover the spectrum from solo practitioners to large firm, and from general practice to specialty firms, especially in the areas of business transactions, tax, estate planning, family/domestic law, real estate, pensions and benefits, immigration, and personal injury.

Sophisticated Ransomware Is the Biggest Threat

Ransomware attacks perpetrated a few years ago typically only encrypted computers and servers, yielding a demand for ransom to obtain the decryption key. Cybersecurity evolved to counteract this threat, including through the use of a combination of advanced activity-based applications that detect ransomware activity and deactivate systems before all data is encrypted, with robust backups that can be used to restore encrypted data.

As a consequence, hackers evolved too. Now, sophisticated ransomware that is typically undetectable by routine anti-malware first extracts data from computers and servers and then encrypts it. Thus, if the target lawyer or law firm refuses to pay the ransom to decrypt its systems, the hackers re-demand ransom to refrain from selling the stolen client information on the dark web.

No Target Is Too Small, and No Practice Area Is Ignored

In years past, hackers may have focused more effort on larger businesses that accumulated credit cards, social security numbers, governmental identification numbers, financial information, or health information. That is not true anymore.

Because big firms generally have invested cybersecurity, smaller ones are now much softer targets. Also, while the foregoing type of information remains generally valuable, some types of its (like SSNs and governmental IDs) have been broadly compromised already, and other types (like credit cards and financial accounts) are surrounded by sophisticated protections. Broader personal information is equally or more valuable for hackers to perpetrate identity or financial crime. For those purposes, the client information we have is prized, like information about assets, finances, monetary and other transactions, family relationships, and sensitive information about their personal lives. Finally, hacking has increased its efficiency by segmenting the criminal enterprise, such as for code writing, phishing, deploying attacks, collecting and aggregating data, perpetrating crime, etc. That efficiency, in combination with greater automation in phishing and deploying attacks, have enabled hackers to exponentially expand their target population.

We All Can Afford Cybersecurity, and Can’t Afford to Ignore It

Two big hurdles for law firms is a lack of knowledge about how to address cybersecurity, and a misconception that doing so will be expensive or disruptive. Neither are prohibitive barriers.

With respect to the first issue, many articles (including here), CLEs, and other resources (such as the ABA Cybersecurity Handbook) exist to educate us on this topic. Also, the market now has a selection of information security professionals qualified to provide services to a wide variety of small, medium, and large firms.

With respect to cost, there is good news for smaller firms. Their relatively smaller technological and physical footprint generally makes it is easier and cost effective to assess their vulnerabilities and implement reasonably safeguards. By contrast, larger firms commonly have established technology systems and office spaces that were designed without necessarily addressing current cybersecurity controls, which means that they may have more vulnerabilities that can be costly and operationally challenging to mitigate. Additionally, we all allocate a certain amount of resources to technology, and an experienced professional can help configure that same budget to incorporate cybersecurity safeguards with limited or no additional costs.

The firms that have experienced hacks know all too well that we cannot afford to ignore these risks. Ransomware cripples a firm for days or weeks, can be exorbitantly expensive (particularly if a firm has no insurance coverage), and often results in loss of clients and business. Hackers will continue to target law firms. It is our duty to protect ourselves and our clients.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.