Thursday, October 28, 2010

Technology & Risk Management: Growing Hacking Risk Facing Law Firms

The much-publicized data breach at one law firm highlights the issue of external attacks against firm information systems. A reader forwarded an interesting article published in the ABA Journal: "Cyberspace Under Siege." The author explores the threat of external intrusion attacks: “Law firms are likely targets for attacks seeking to steal information off computer systems.”

A key factor raising the profile of law firms as desirable hacker targets is the concentration of sensitive business information they store:
  • “If I want to know about Boeing and I hack into Boeing, there are a billion files about Boeing,” Paller says. “But if I go to Boeing’s international law firm, they’re perfect. They’re like gold. They have exactly what I’m looking for. You reduce your effort.”
Clients are increasingly asking more specific questions about law firm IT practices to address these risks. While industry standards are presently somewhat vague, these threats create serious liability concerns, notes Stewart Baker, a partner at Steptoe & Johnson:
  • “If a security breach involves sensitive information handled by a law firm and someone finds it on a server headed to a foreign government, then the [U.S.] government will have some very awkward questions for the company that was the source of the information and the law firm that was the source of the information.”
This is another area worth the shared attention of both risk and IT stakeholders.

No comments:

Post a Comment