Cyber Criminals Target Law Firms: Are You Next? Probably.

Dec 30, 2016

“You are and will be targets of cyberhacking because you have information valuable to would-be criminals.” — Preet Bharara, United States attorney

On December 27, the media reported that federal prosecutors charged three Chinese citizens with cybercrime conducted against law firms. According to The New York Times, the three men made millions of dollars by hacking law firms and stealing the emails of partners who worked on mergers. The men then bought shares of target companies and sold them once those deals were announced.

Prosecutors framed this case as “cyber meets securities fraud” and said that it “should serve as a wake-up call for law firms around the world.” Indeed, many security consultants consider the industry to be rather weak when it comes to security efforts.

This isn’t the first time the legal industry has been targeted, nor will it be the last. Following other high-profile media reports in 2014 and 2015, Wipfli put together seven key security tips for law firms:

  1. Develop information security policies. You can’t enforce rules if there isn’t a rulebook.
  2. Encrypt as much as possible. Encrypt data at rest, in transit and in use.
  3. Manage mobile devices. Smartphones, notebooks, and other PDAs must be secured.
  4. Use multi-factor authentication (MFA). It’s a combination of something you know (password), something you have (token), or something you are (fingerprint).
  5. Conduct security training. Show, don’t just tell, how compromises happen.
  6. Perform a security assessment. At least once a year.
  7. Prepare to respond to client requests. Your clients expect you to be proactive in your risk management and vigilant in your security documentation.

Wipfli finds that every firm is at a different level of preparedness. Where does your firm stand in meeting the above tips? Why not make 2017 the year your security program gets stronger and healthier?


Jeff Olejnik
Director, Risk Advisory Services