Law firms need formal precautions against data breaches;
Effects could include damages, client loss, firm closure
TAMPA BAY, FL – While the consequences of data breaches in many industries include public embarrassment, business loss and fines, an informal survey of Tampa Bay area law firms suggests that cyber-attacks in the legal profession also risk significant real and punitive damages, loss of clients and even potential closure of the firm itself.
The poll findings, based on confidential interviews by IT audit and compliance firm 360 Advanced with six Tampa Bay managing partners, suggest that while most of the large, multi-national firms headquartered in Tampa Bay have what they believe are adequate defenses against cyber-attacks, smaller firms may not.
“They think they can’t afford to have those controls in place, but the alternative is much more costly. They have the same risks we do,” commented one principal with a large national Tampa law firm. She said her firm spends “an enormous amount of energy and of money” on data security, both for the firm and its clients, and has invested even more recently as news of law firm breaches becomes more common. “We’ve had cyber security in place for 15 years, before it was cool,” she said. “This is only going to escalate as the bad guys follow the money.”
Recent high-profile cyber-attack cases include a breach at Panamanian firm Mossack Fonseca, where millions of documents detailing offshore client holdings were made public. Last fall, the U.S. Attorney for the Southern District of New York announced indictments of data thieves who had used stolen information on upcoming M&A deals to profit on the stock market.
Eric Ratcliffe, Director of Client Development at 360 Advanced, said that because client data can be held for ransom, targets for cyber-thieves can also include firms handling confidential financial settlements in divorce or federal tax cases, patent applications, and critically sensitive personal injury and healthcare litigation, to name a few.
“We have a data privacy team dedicated to cyber defense and a secured operations center monitoring inbound threats,” commented a leading Bay Area attorney. “It’s a concern for everyone. Everyone is breachable. We are attractive targets.”
He pointed out that having an established, formal system of data protection that is regularly reviewed and tested can be a defense against a claim of liability, while the opposite is also true. “We prepare for the worst,” he said.
Another law firm principal, who is also a leading white collar crime expert, commented that a cyber-breach of a client matter destroys trust and will inevitably lead to client loss. “When private matters become public, the future of your firm may be at stake,” he said.
ABOUT 360 ADVANCED
360 Advanced is one of only a few specialized firms in the U.S. that assist service providers as their independent IT assurance and compliance assessor in maintaining and communicating security and compliance to their clients.
360 Advanced’s services are provided to industries including, but not limited to, the following: Title Services, Hosted and Managed IT, Data Center and Colocation, Software as a Service (SaaS), Healthcare, Financial Services, Insurance, HR | Payroll | PEO, Legal and Collections, Bulk Mail Printing and Distribution, Background Screening, Business Process Outsourcing and Marketing.
Services provided by 360 Advanced include HITRUST CSF, SOC 1 (SSAE 18), SOC 2, SOC 3, PCI DSS, HIPAA Security/HITECH, Microsoft Vendor Policy and other security and compliance services.