Law Firms Slow to Increase Online Security, More Vulnerable Than Ever

Unprepared law firms vulnerable to hackers (Pittsburgh Tribune, 14 Sept 2014) -Computer hackers are targeting top international law firms, including Pittsburgh-based K&L Gates, to steal intellectual property data and trade secrets, the Tribune-Review found. Cyber criminals stepped up attacks against lawyers to get around defenses set up by their corporate clients, who became more protective of their computer systems, legal and cybersecurity experts said. Too often, law firms do not employ the same high level of cybersecurity precautions that many major corporations practice, experts told the Trib. In addition, experts said these hackers increasingly work on behalf of foreign governments – or at least with their implicit protection. “Law firms are a rich target,” said Patrick Fallon Jr., the FBI’s assistant special agent in charge of the Pittsburgh field office. “They don’t have the capabilities and the resources to protect themselves. Within their systems are a lot of the sensitive information from the corporations that they represent. And, therefore, it’s a vulnerability that the bad guys are trying to exploit, and are exploiting.” Federal prosecutors in Pittsburgh charged Chinese military hackers this year with stealing attorney-client communications from SolarWorld, an Oregon-based solar panel manufacturer. Computer attacks on law firms happen every day, Fallon said, and the FBI warns attorneys about the threat. Many law firms don’t do enough to protect their computer systems, especially against an attack sponsored by a foreign government, agreed Thomas Hibarger, managing director of Stroz Friedberg, a law firm in Washington. “Protecting against state-sponsored hackers is a big undertaking, and many firms have not devoted adequate resources to address this threat,” Hibarger said. “Nation-state hackers are very, very sophisticated and targeted in their approach, and it is likely they will succeed.” For corporate clients with strong computer defenses, a poorly prepared lawyer can be like an unlocked back door into an otherwise secure operation, said Vincent Polley, a lawyer in Bloomfield Hills, Mich., who co-wrote the American Bar Association’s cybersecurity handbook. Because of the high cost of cybersecurity and the hassle of protecting documents, firms often are reluctant to invest in necessary technology. “Lawyers aren’t technologically adept. They’re not particularly interested in technology, and they’re loathe to spend the resources – both time and money – to harden data” protection, Polley said.


Provided by MIRLN.

Image courtesy of