Network Security for Legal Services: Risks and Recommendations

Until recently, law firms and especially legal services offices were rarely targeted by nefarious organizations. That state of relative peace changed drastically in January, when a hacker group, “Dark Overlord,” threatened dozens of law firms with the exposure of confidential information regarding the slew of litigation and suits resulting from the September 11th terrorist attacks.

Dark Overlord claims to possess 18,000 legal and insurance documents, gleaned from Hiscox and Lloyd’s of London, as well as Silverstein Properties and other, undisclosed victims. Hiscox tried to shift the blame to an as-yet unidentified law firm that advised Hiscox and some other organizations; however, no one really knows who is to blame.

Regardless, the problem now is the thousands of confidential documents that Dark Overlord is threatening to release if a hefty ransom is not paid.

How would your firm respond? Would you be able to rebut Hiscox’s blame shifting adequately, or would it be difficult for your organization to prove that it was not the cause of the leaks?

Legal Services Risks

The Dark Overlord hack is more than a thorn in the side of firms connected to September 11th legal action; it highlights the existence and potential landscape of a new type of bramble, one specifically designed to hit legal services where it hurts most: confidentiality.

This latest incident is not the only big legal hack in recent history: 2.6 terabytes of data were leaked from Panama-based law firm Mossack Fonseca. Cravath, Swaine & Moore and Weil, Gotshal & Manges were hacked as well.

Some of these firms held damaging secrets, but even the most morally upright legal services organization would suffer from a ransomware event. The Dark Overlord debacle is only the most recent warning of a potential nightmare scenario, one that, fortunately, we can take immediate steps to avoid.

Shoring up Legal Services Network Security

Although the best-known legal hacks have involved private firms, many of which were breaking the law themselves, this latest threat reveals an obvious fact about hackers: at the end of the day, it’s about money. If a hacker knows that confidentiality is valuable, then it does not matter why. Whether the scandal would focus on a multimillion-dollar organization or a single individual living in poverty, the bottom line is the cost of keeping that information safe.

Legal services can shore up their network defenses by taking precautionary measures.

Recommendations for Network Security: Legal Services

  1. Keep Software Updated: Many of the most recent threats have infiltrated networks by way of antiquated software. Either old operating systems have publicly disclosed vulnerabilities that make old versions easy to breach, or software vendors have not updated their security protocols adequately.
  2. Spread Security Awareness: Every employee is a potential entry point, and it only takes one. The vulnerability might be opening a malware email attachment, or it might be using the same password for the office as they use for their bank. It might be using public Wi-Fi without a Virtual Private Network (VPN), or using Bluetooth. Every single one of these actions would be easy for a hacker to exploit, and yet most of your employees engage in these bad practices daily, exposing your firm. Make sure you communicate the seriousness of network security to your entire team, and make sure that everyone stays updated with the latest protocols to keep your network secure.
  3. Redundancy: In IT, redundancy is a common term, but many law offices never take the time to consider what will happen in the case of a hack, or even a server malfunction. It is critical to have a backup plan, so that in the event that something goes wrong, whether it be weather-related or hacker-related, the firm will continue to be able to help its clients.
  4. Office Security: The most effective hacks still use a combination of virtual and real-world strategy. Make sure that the office is physically secure and that through-traffic cannot see sensitive information, such as passwords left out in the open. Also, make sure that employees use screensaver passwords to prevent unauthorized access to network computers.

Questions about Network Security?

Call Platte River Networks for a free consultation.