Cyber-theft is one of the fastest-growing crimes in the United States. While last year alone, companies spent more than $80 billion on cybersecurity services and products, that investment could still prove inadequate to combat the many new threats that companies face.
Many firms remain dangerously vulnerable to criminals who are working on a global scale.
For law firms in particular, cyber-attacks threaten the health and very future of their businesses. While many law firms haven’t taken cybersecurity as seriously as they ought to have, a blasé attitude to cybersecurity is simply no longer acceptable to clients today. “A lot of law firms really need to really wake up and figure out their strategies. Look what happened to Equifax,” says Daniel Garrie, Executive Managing Partner, Law and Forensics LLC and a partner at Zeichner Ellman and Krause LLP.
Indeed, the colossal Equifax hack this past September could be a turning point. One of the three major credit reporting agencies, Equifax was hit by a massive data breach that potentially exposed the Social Security numbers and driver’s license numbers of about 143 million Americans.
A similar hack on a law firm won’t expose as many customers’ data but could prove equally catastrophic for the firm’s reputation. Imagine your clients’ most vital information being stolen, and possibly extorted by a global crime ring. Threats to law firms “range from ransomware, spyware, or wipeware,” Garrie says, adding that in any case, thieves “are going to try to steal information and make money off it.”
The upcoming seminar Garrie is co-chairing — New Paradigms in Cybersecurity and Data Privacy for Legal Services, held in Atlanta on November 8 — offers a wake-up call for many law firms. “Everybody should be attending this seminar,” says Garrie, adding that top management down to information technology officials would benefit. Among the takeaways that attendees should expect are “How are we going to make this work? How do we make improvements so that it doesn’t break the bank?”
“Cybersecurity requires a symbiotic team approach with your lawyers to really be sure you’re addressing this problem. I think there’s a compelling need for integrated holistic teams.”
The opening session is entitled, “Educating Lawyers: Cybersecurity and the Human Element” and will examine how even the most advanced cybersecurity safeguards are essentially ineffective unless employees adhere to their law firm’s cybersecurity procedures. This means law firms will likely need to increase their time and budget to ensure all employees know about proper information security practices. Panelists include David Mayfield, Director of Information Security at The Home Depot; Chad Hunt, Supervisory Special Agent at the Federal Bureau of Investigation; and Andrew R. Young, Senior Information Assurance Manager of Strategic Security at the Coca-Cola Co.
“Cybersecurity requires a symbiotic team approach with your lawyers to really be sure you’re addressing this problem,” says Garrie, who will moderate the panel. “I think there’s a compelling need for integrated holistic teams. Law firms really need to start evaluating their situation and ask, ‘Do we do this on our own, or do we partner with other law firms that already have this practice?’”
Another panel, “Beyond Breach: Current Departures in Cybersecurity Incidents and Response,” will focus on how cybercriminals are shifting their tactics from crimes of opportunity to conducting more targeted cyberattacks. Among the topics discussed will be how to dedicate funding for cybersecurity, how to conduct cybersecurity audits, and how to develop a viable and routine cyber-vigilance strategy.
Indeed, in terms of cyber-vigilance, the average law firm “is behind on everything,” Garrie says. “There’s an across-the-board weakness. They’ve been too cheap… they don’t have enough dedicated people.” He’ll be one of this session’s panelists, along with Will Bracker, Senior Director of Privacy at Cox Communications, Inc., and Mark C. Ray, Managing Director and Head of Cyber Investigations for Nardello & Co. That panel will be moderated by Jon Neiditz, a Partner at Kilpatrick Townsend.
Cybersecurity is an extremely pertinent issue for M&A lawyers as well. Companies that are undertaking a merger or an asset divestiture present a ripe target for hackers — selling companies, for example, are sharing their most vital competitive information with their buyer as part of due diligence. Law firms representing both parties in an acquisition need to have key safeguards in place to protect their clients. In “Cybersecurity Around Deals and Transactions: Protecting Your Critical Data and Information,” panelists Elizabeth K. Hinson, an associate with Nelson Mullins Riley & Scarborough; Ward Pyles, Manager of Global Security at the Intercontinental Hotel Group; and Amy Yeung, Vice President and Deputy General Counsel at comScore, Inc., will discuss how to protect deal data and information through all phases of an M&A transaction.
Improving cybersecurity is a critical issue today, and this seminar should provide a host of tips and strategies for those law firms that need to ramp up their efforts. Which, it appears, is unfortunately still a great many of them.