Cybersecurity Challenges for Remote Law Firms
Employees working from home are particularly vulnerable to phishing scams due to human errors and often have weak security protocols on their Wi-Fi networks, allowing hackers easier access to the network's traffic.
June 11, 2020 at 03:46 PM
5 minute read
In the COVID-19 era, law firms face numerous cybersecurity challenges and vulnerabilities from lawyers and legal staff working remotely. Employees working from home are particularly vulnerable to phishing scams due to human errors and often have weak security protocols on their Wi-Fi networks, allowing hackers easier access to the network's traffic. In fact, on March 13, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency recognized these issues encouraged those that are moving to remote working status "to adopt a heightened state of cybersecurity," because of the significantly elevated risk of malware, phishing attacks and ransomware demands amid the coronavirus pandemic.
The most important goal for a law firm is to protect its data. If a firm does not have the right cybersecurity system set up, it may have to deal with a ransomware attack. This is exactly what happened last month in May, when the law firm of Grubman Shire Meiselas & Sacks, recognized as one of the premier entertainment and media law firms in the country, was hit with a data extortion scheme. A cybercriminal ring claimed to have stolen from the firm approximately 756 gigabytes of private documents and correspondence. The hackers alleged they have possession of information on the law firm's clients past and present, including Lady Gaga, Madonna, Nicki Minaj, David Letterman, John Mellencamp, Robert DeNiro, Elton John, the Kardashians, and even companies like Facebook, Activision, iHeartMedia, IMAX, Sony, HBO and Vice Media.
The hackers issued a ransom demand of $21 million to the law firm and threatened to gradually release the stolen data if they do not receive payment. After the firm refused to pay, the hackers delivered on their threat as 2.4 gigabytes of data related to Grubman Shire client Lady Gaga was released. Some other leaked files have included contracts, telephone numbers, email addresses, personal correspondence with the lawyers related to various case files, and nondisclosure agreements made with advertising and modeling firms.
The breach not only subjects the firm to major liability to their clients, the firm may also be found to violate its ethical responsibilities under the American Bar Association's Model Rules of Professional Conduct. Certain violations of the rules may even lead to disciplinary proceedings and all violations mean that the lawyers have not met the expectations of their clients or themselves. For example, Rule 1.6 is the confidentiality provision. The prohibition is absolute, because the rule says that attorneys shall not disclose such information relating to the representation of a client unless the client gives informed consent or the disclosure is impliedly authorized to carry out the representation, or is otherwise permissible under Rule 1.6. Rule 1.6 implies that disclosure can be either intentional or accidental. Subsection (c) states that every lawyer shall make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." There are several factors to consider, including the economic and noneconomic costs of the security protocol (e.g., a software system that has so many security layers that it is difficult to use), the nature of the information, and the likelihood of disclosure.
As shown, the combination of flawed technology and human errors make the home office a cybersecurity concern. Employees use their own personal computers and at-home Wi-Fi networks that are not as strong as the security, firewalls and routers at the office that firms invest in. Distractions while working from home, such as child care, roommates and not having a desk set-up like they would at the office, are having an impact on how people operate. In some cases, security policies are too much of a barrier for employees working from home to adapt to, especially if they are under pressure to hit deadlines.
Law firms thus need to address these vulnerabilities and take steps to keep their data and files secure. For example, the law firm's information technology department should have the resources they need to meet the business needs and keep the data secured. If the law firm issues computers or phones, the law firm should ensure that they are properly configured and have updated software. If the employees use their computer, they should use encrypted hard drives and virtual private network with passwords for connecting. Security experts should be consulted to create a set of policies and procedures that remote workers should follow when using the computer and accessing the network.
Additionally, all employees should be taught what to look for in phishing and malware schemes and other cyberthreats connected to the COVID-19 outbreak. All remote workers should also be provided with a list of emergency contact numbers and have them ready in case of a data breach so the IT department can handle them immediately. By taking proactive steps, law firms are ensuring that they are taking enough precautions to prevent any cyberattacks from bad actors taking advantage of this pandemic.
Brian S. Kabateck is a consumer rights attorney and founder of Kabateck LLP in Los Angeles. He represents plaintiffs in personal injury, mass torts litigation, class actions, insurance bad faith, insurance litigation and commercial contingency litigation.
Attorney Joana Fang is an associate with the firm and a member of its trial team. Fang handles a wide range of cases for the firm, including consumer class actions, personal injury, wrongful death and insurance bad-faith claims.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllCalifornia’s Workplace Violence Laws: Protecting Victims’ Rights in the Workplace
6 minute read'Nothing Is Good for the Consumer Right Now': Experts Weigh Benefits, Drawbacks of Updated Real Estate Commission Policies
FTC Issues Final Rule Banning Most Noncompetes, but Immediate Legal Challenges Ensue
6 minute readTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250