Law firms are a target for hackers. After all, what does a law firm do? They know where the proverbial bodies are buried.
Case in point.
Campbell Conroy & O’Neil, law firm to companies like Apple, Boeing, Exxon Mobil, Ford, Honda, IBM, Toyota and many others, suffered a breach.
They discovered the breach in February. They are not saying when the breach happened or how long the hackers were inside the company.
They are also not saying why it took them five months to report the breach. Depending on what states are affected, that could be a breach of state law.
They eventually figured out that they were hit by a ransomware attack. Possibly it took them several months to figure out what was taken. Maybe?
Among the data potentially stolen were names, dates of birth, driver’s license numbers, payment card info, medical info, health insurance info, biometric data and account credentials. Among other stuff.
Not to worry, however. The firm takes its responsibility to protect the data that they didn’t protect seriously.
And to show you how serious they are about your security, they are reviewing their policies and procedures and working to implement additional safeguards.
Of course, they are not saying what corporate information was taken that belongs to any of their Fortune 100 clients. They are not required to disclose that by law.
That brings me to the point of this post.
Your law firm or firms have a lot of sensitive information of yours. Potentially lawsuits, mergers and acquisitions, employee information, patent information and more.
Most law firms, in their standard boilerplate engagement letters, say that security is hard and they are not responsible if anything bad happens.
Is that acceptable to you?
If not, then you need to be proactive.
Ask the firm about their security practices. Who at the firm is accountable for security?
How soon do they have to notify you if they have a breach? Five months is a long time. DoD requires their contractors to tell them within 72 hours.
Do they have cyber insurance? Who takes the lead in case of a breach?
There are lots of questions and, in many cases, law firms are either not prepared to answer your questions or don’t want the liability for their answers.
And, you want the answers in writing. Which they really won’t like.
Your call. How important is your information?
Credit: Campbell Trial Lawyers