(Illustration via iStock)
This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.
With the Panama Paper incident and other noteworthy recent law firm security breaches top of mind (see, “Hackers Breach Law Firms,” Wall Street Journal (March 29, 2016)), law firms in the U.S. and around the world are increasingly concerned about being hacked by cybercriminals (see, “Cyberattack Exposes Law Firms’ Weak Spots,” Wall Street Journal (Dec. 29, 2016). In response, many firms have significantly upgraded their perimeter security systems to ensure that only authorized and authenticated users can access their systems. Yet perimeter security is only one part of a comprehensive legal data security strategy and by itself leaves open a weak spot — attackers who, using phishing or other methods, are able to bypass strong perimeter security systems, and once inside find themselves able to access a firm’s emails, documents and other work product.