Are law firms asleep at the cyber security switch?

CybersecurityThis month’s issue of Lexpert magazine makes the alarming point that for online hackers, law firms are a gold mine.

Julius Melnitzer takes an in-depth look at what law firms are currently doing to protect their clients’ information and uncovers some unsettling things:

What makes law firms even more attractive to hackers is that their cyber-security defences have tended to lag behind the defences of their clients. “As companies get more sophisticated, the attackers have moved on to secondary targets,” [Stewart Baker, a partner in the Washington, DC, office of Steptoe & Johnson, who spent more than three years as the US Department of Homeland Security’s first assistant secretary for policy,] says.

The irony is that law firms’ information can be more valuable motherlodes for cyber hackers than the data harboured by their clients. “For example, on an M&A deal, we sometimes have information or documentation that the clients themselves don’t have,” says Dick Jensen, Director of Technology at Toronto-based Goodmans LLP.

Both Jonathan Evans, Director General of the British Security Service, and Bear Bryant, the US Counter Intelligence Executive in the Office of the Director of National Intelligence, have warned publicly of the threat that inadequate law firm security poses to business. More particularly, Evans warned the managing directors of 300 UK companies that hackers were “as likely” to steal company information from law firms as they were from the company itself, that most law firms’ security was “very weak,” that lawyers often don’t pay attention to security notices and guidelines, and that significant information relating to international corporate activities are “usually much easier to find in a law firm’s files than in the corporate files.”

At least one lawyer well-versed on the issue is of similar mind. “Several years ago, while serving as the national counter-intelligence executive, I sat with colleagues discussing how we would plan an espionage attack against an American business,” writes Joel Brenner, formerly Senior Counsel at the US National Security Agency and now a partner in Cooley LLP’s Washington, DC, office, in his book America The Vulnerable.

“And then a lightbulb went on: the law firms! Of course: A company’s outside intellectual property lawyers have its technical secrets, and their corporate law colleagues are privy to strategic business plans. And lawyers don’t like taking instructions from anybody, particularly their less well paid underlings who are responsible for network security. They’re impatient. In some firms the rainmakers have nixed even simple steps, like requiring a password on mobile devices that connect with the firm’s servers. They couldn’t be bothered. Privileged with secrets, lawyers are the perfect targets. I cannot disclose what I know because it’s classified, but I can disclose that I know that my surmise was soon justified. US law firms have been penetrated both here and abroad.”


  1. The Many Faces of Mike McBride » Blog Archive » This Week’s Links (weekly) - April 14, 2013

    […] Are law firms asleep at the cyber security switch? […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: