Cybersecurity is job number one for all litigation attorneys who handle confidential computer data. That’s because electronically stored information (ESI) held by law firms is now subject to frequent attack by criminal hackers. They have figured out that attorneys store valuable data of their clients in law firm computers. So when hackers cannot get at a company’s data directly, usually because it is too well defended, they try to get to it through their law firms. Hackers have found that many law firms are lax in cybersecurity, or as I like to put it when lecturing on the subject: law firms are the soft underbelly of corporate cybersecurity. Realizing the seriousness of cyber crime today, Jackson Lewis has taken steps in the last few years to significantly strengthen its systems, with the focus on protection of client ESI.
Our concern and efforts are well justified. Mary Galligan, the special agent in charge of cyber and special operations for the FBI’s New York Office, is reported by Law Technology News as saying: “We have hundreds of law firms that we see increasingly being targeted by hackers.” Confidential client ESI can also sometimes be stolen by unethical competitors willing to engage in illegal eDiscovery by hacking. They may do so to try to crush a competing business, or even just to win a law suit. We have seen this ourselves and successfully counter-responded.
This problem is intensifying each year as cyber criminal activity increases and the amount of confidential information stored in computers increases. In large cases today attorneys must often search all of the emails and other communications of top corporate executives. These communications are usually filled with business trade-secrets. ESI subject to discovery may also contain highly confidential financial records, employee records, and customer information. It may also contain protected personal information, including health care information and credit card numbers.
All of this confidential information has a value to criminal hackers. Any law firm that does not realize that it is subject to cyber attack is naive. The best firms today, including Jackson Lewis, are very aware of these threats and proactive in protecting their computer systems, especially their clients’ confidential data.
Fulfillment of every lawyers’ duty to maintain client confidences in today’s world of cyber attacks requires much more than legal knowledge and legal skills. It requires sophisticated computer knowledge and skills far beyond legal practice. That is why cybersecurity experts should be used to assist in any law firm’s data protection efforts. A team approach is necessary.