Law Firm Internet Security and Data Protection
UPDATE November 2020:
Recently the European National Security Agency, ENISA, published a report pointing to an increase in cyberattacks since Work From Home (WFH) became widespread due to the COVID-19 pandemic.
Since the ECJ decision of July 2020, Schrems-II v Facebook, it has been made clear that no personal data should leave the European Economic Area (EEA) or be transferred into the hands of a US communication provider, a principle extended to any country not benefiting from an adequacy agreement. Therefore, all legal professions regularly exchanging data outside the EEA need to take specific measures to ensure the security of these data, at a level equivalent to the protection offered by the GDPR within the EEA. Data subjects whose data are being exported have to be informed, in full transparency, of the risks associated with such data transfers.
➡️ “70% of the data breaches expose e-mails. Although username/e-mail and passwords (i.e. credentials) are easily changed in contrast with personal details (i.e. date of birth), the focus is mostly on these in data breaches.”
Further reading:
“For me, there was a before and an after Wednesday 26 October 2016,” recounts, in a firm, loud voice, the 68-year-old lawyer, who specialises in personal injury law. “I lost four years of life, of data and of professional practice.”
…the insurance company sued the law firm in federal court in Kansas City. Hiscox Insurance Co., et. al., v. Warden Grier, Dkt. No. 4:20-cv-00237-NKL (E.D. Missouri). The company alleged that the law firm breached its legal obligations under the retainer agreement with the company, that it breached its ethical obligations to protect client confidences, and that it was negligent in failing to protect the client data.
Data breaches are unfortunately becoming more common, and law firms, given the sensitivity – and therefore value – of the data they handle, are falling victim to cyberattacks at an alarming rate.
Just recently, we’ve seen a major data issue at legal software provider Advanced Computer Software, affecting over 190 of the industry’s most prestigious law firms.
In nearly six months, at least seven law firms have been infiltrated by ransomware, according to media reports. Of the attacks, hacker groups Maze and REvil have taken responsibility for them all.
Both groups are well-known, said Mark Sangster, vice president and industry security strategist of cybersecurity firm eSentire. And unfortunately for legal, Sangster added, “it seems they lately have turned their focus upon law firms.”
‘Half of the companies in France and worldwide have been victims of fraud over the past 24 months.’ GDPR compliance (#RGPD) would have significantly reduced the risks of data exposure. Le Monde du Droit
Read in more detail: LES PROFESSIONNELS DU DROIT ET LA PROTECTION DES DONNÉES (Legal Professionals and Data Protection).
An unsecured IT system at the business law firm Mossack Fonseca is what allowed the Panama Papers to be disclosed. The security flaws at the heart of the Panama Papers
Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, U.S. prosecutors said on Tuesday.
Cybersecurity ➡️ Ransomware ➡️ Data Breach
➡️ Sensitive data ➡️ ENCRYPTION
➡️ Transfer of data outside the EEA
➡️ ECJ Schrems-II ➡️ Cookies ➡️ ePrivacy Directive
➡️ Planet49 ➡️ Fashion ID
Law firm #cybersecurity? Let's talk about it with the President of the CNB (Conseil national des barreaux – les avocats), Christiane Féral-Schuhl: “Cybersecurity is now part of a lawyer's daily practice” > https://lnkd.in/dUwUPh9
The Mossack Fonseca hack and the Panama Papers scandal should have been a wake-up call for all law firms to take clients' data security more seriously. Here is Why We Should All Care About Panamapapers even if we have no offshore investment.
Law firm cybersecurity is at high risk. Dozens of big firms are targeted by hackers seeking sensitive financial information. Major law firms including Cravath and Weil Gotshal have suffered data breaches. The FBI has issued warnings. Still, too many use insecure email exchanges to transfer information.
…both Weil Gotshal & Manges and Cravath, Swaine & Moore as well as other firms have suffered data breaches in recent months, put new attention on the potential consequences for law firms with lax security.
Daniel Solove, a US privacy scholar, wrote:
Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.
Daniel Solove describes the situation and offers solutions to avoid the harm caused to the reputation and clients of a law firm that has been attacked.
Just as an example, here is a List of data breaches and cyber attacks in February 2017. Recently, 1500 companies in over 100 countries were hit by the malicious Adwind backdoor RAT.
The CNIL, the French Data Protection Authority, has been publishing advice, including easy ways to encrypt. I still hear of solicitors, lawyers and notaries exchanging sensitive data via simple emails or Dropbox. These are recipes for disaster and show a lack of consideration for clients. Apart from the reputational disaster, the GDPR, the new EU data protection regulation, carries serious fines to consider. Think carefully before it is too late: fines of 20M Euro or 4% of world turnover.
Sometimes the threat comes from an insider. You might want to monitor live transfers of data from your network. If your employees bring their own devices, here is some good advice from the UK ICO.
I keep my sources of information updated on Pearltrees curation:
- Law Firm data security
- The Panamapapers scandal and the law firm Mossack Fonseca.
- 5 Cybersecurity Habits Law Firms Should Kick in 2019
- Read Website Transparency and Cookies and Privacy Notices
- Read GDPR Material and Territorial Scope
- Read All You Need to Know About GDPR
- This work is licensed under a Creative Commons Attribution 4.0 International License.