Experian has released its sixth annual Data Breach Industry Forecast, which highlights six key areas where companies and individuals should be aware of possible data breaches. It also singled out lawyers as specifically being easy prey to biometric, cloud and phishing cyberattacks.

The recent news of Marriott's data breach and other headline-grabbing events show how lawyers are counseling their clients through massive data breaches. But the cyberattacks should also remind lawyers and their firms to safeguard their own technology.

“They need to be just as mindful of their cybersecurity requirements as the people in the headlines,” said Michael Bruemmer, vice president of the data breach resolution group and consumer protection at Experian. 

“We have serviced a number of breaches of law firms and associations,” he added. “The most common root cause was email phishing attacks … Now that the dark web allows for basic kits for unsophisticated hackers with ill intentions, [they] can easily get spoofing attacks.”

Legal can also fall victim to their biometrics, such as ID sensors and facial recognition data, being stolen and used for unauthorized actions. Biometric data can even be altered when it's first recorded.

“Expect hackers to take advantage not only of the flaws found in biometric authentication hardware and devices, but also of the collection and storage of data,” added Experian in its report released Monday.

The report noted the pervasiveness of biometric systems, citing a Veridium study that claimed 63 percent of IT professionals are implementing or planning to implement a biometric system. That large usage rate may be based on regulations that require or suggest dual password assistance.

Bruemmer pointed to the European Union's General Data Protection Regulation, for instance, which requires companies to use multiple solutions to protect data, although it doesn't specifically suggest biometrics as a measure. However, the National Institute of Standards and Technology (NIST) does recommended biometrics to safeguard data, Bruemmer said.

The growing use and acceptance of biometrics is mirrored by the expansive use of cloud-based software to store data as well. 

“There's a ton of data on the cloud, and a lot of global law firms are storing their data on the cloud,” Bruemmer said, adding that nine out of 10 IT professionals worry over the cloud's security.

Indeed, it's not only IT professionals who are concerned. A recent survey by the American Bar Association found 60 percent of lawyers are concerned about the security and confidentiality of the cloud.

Bruemmer said the newness of cloud security and most servers being offsite are valid reasons for concern. “That's why it made it onto the prediction list, not just because of awareness [but] there perhaps is less control because it's farther away.”

Those concerns may be legitimate. In October 2018, for instance, Foley & Lardner suffered what it called a “cyber event” that disrupted its IT system but left its client data intact. Last year, DLA Piper was also affected for hours after a ransomware attack shut down numerous offices' computers and phones.