legal tech

January 14, 2022

How Law Firms Should Handle Cybercrime

Law firms are extremely unique places of business. They don’t rely on releasing products, but on a specific service that requires the collection of confidential information from clients. Further, because law firms typically serve multiple clients at a time, they hold a wealth of information on both corporations and individuals. And this knowledge isn’t run-of-the-mill company fun facts; it’s the scandalous, salacious, highly-confidential information that would cause chaos if publicly revealed.

Unfortunately, cybercriminals have realized this, and have taken decisive action. In the past few years, law firms have become a prime target for cybercriminal organizations because of their combination of valuable data and relatively lax cybersecurity. This culminated in a 2020 attack by REvil, a notorious ransomware gang, on Grubman Shire Meiselas & Sacks, demanding a USD $42 million ransom for the near-terabyte of stolen data [1]. Overall, 29% of firms recorded a security breach in 2020, according to an ABA survey [2].

It’s clear that law firms are a top target of cybercriminal gangs. Therefore, it’s important to stay informed on these gangs’ strategies, and the best ways to prevent cyberattacks.

How do Cybercriminals Attack Firms

Although cybercriminal organizations typically have “go-to” strategies, there isn’t one specific way that all law firms are attacked. Whether it be with phishing emails, malware, or even insider attacks, there are a variety of ways that law firms can be targeted. While large firms were mostly targeted a few years ago, cybercriminals have recently shifted their priorities. Due to the global crackdown on ransomware gangs, these diabolical organizations started to target small and mid-size firms, avoiding the publicity (and government attention) that an attack on large firms would bring. In fact, mid-size law firms have become the prime target for cybercriminals [3]. After all, these firms still have loads of valuable information, but likely have much less stringent cybersecurity measures.

Concerningly, fewer than half of all law firms use simple security measures like two-factor authorization and file encryption [2]. With a significant portion of firms having no cybersecurity protection beyond usernames and passwords, it’s no wonder that cybercriminal gangs have raked in money from desperate firms. In 2021, the average ransomware payment was USD $140,000, a massive figure for small and mid-size firms [3]. Unfortunately, if an unprepared firm is hit with ransomware, there is typically no other option but to pay the cybercriminals to unlock their encryption and return the stolen data. That’s why the best defense against cyberattacks is preparation.

Legal and Moral Obligations

While there is no federal law requiring law firms to have certain cybersecurity precautions, some individual states and industries do regulate firms’ cybersecurity practices. For example, firms that handle financial data may be subject to the Sarbanes-Oxley Act of 2002, a law that mandates stringent recordkeeping and reporting [4]. Further, certain states like New York and California have more cybersecurity regulations on their books. For example, New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act mandates prompt public disclosure in the event of a security breach [4]. These regulations ultimately help firms stay prepared for cyberattacks, while also serving the public interest if a cyberattack were to occur. Failure to follow these regulations could lead to investigations, lawsuits, fines, and an overall loss of public trust.

In addition to federal and state laws, law firms must also follow the American Bar Association’s (ABA) Model Rules of Professional Conduct. One rule states that lawyers must take

Reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client [4].

Additionally, the ABA requires firms to reasonably inform clients about the status of a cyberattack. While the term “reasonable efforts” is certainly open to interpretation, the ABA is clear: It’s an ethical obligation for firms to prepare for cyberattacks. In today’s digital world, handling client data unsafely isn’t only irresponsible; it’s immoral.

What Can Law Firms Do?

So, we know that law firms are ethically, and in some cases legally, required to take reasonable precautions for cyberattacks. But what exactly can firms, particularly small and mid-size, do? Businesses like this simply can’t afford the cybersecurity infrastructure of large firms, with dedicated staff and numerous expensive programs. Thankfully, providing strong protection from cybercrime is simple and inexpensive.

The best way to prevent data breaches and ransomware attacks is to cultivate a culture of security in the workplace. Specifically, this means embracing simple safeguards like two-factor authorization and file encryption. Just taking these two precautions vastly lowers the risk of a successful cyberattack. Additionally, having yearly (or even twice-a-year!) training on cybersecurity risks helps create a culture of security as well. Think about it: Phishing emails are typically well-disguised. But if all employees know the difference between an innocent work email and a nefarious phishing attempt, your firm will be significantly safer.

Finally, in the unfortunate case that a firm is hit with a cyberattack, it’s extremely useful to have an incident response plan. As a cyberattack is occurring, every minute counts, and having a specific plan can be the difference between a devastating data breach and a failed attempt. If employees know what to do immediately, whether it be turning off all computers, shutting down Wi-Fi, or calling a trusted expert, firms can minimize the risk, or at least lessen the impact, of a surprise cyberattack. Unfortunately, just 34% of firms maintain an incident response plan [2]. While this is an increase from past years, this shows there is still a long way to go regarding cybersecurity at law firms.

About AXEL

Law firms will continue to be targeted by nefarious cybercriminals. Thankfully, AXEL is prepared. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go, a secure file sharing software. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Shankar, AJ. “Council Post: Ransomware Attackers Take Aim at Law Firms.” Forbes. Forbes Magazine, March 11, 2021. https://www.forbes.com/sites/forbestechcouncil/2021/03/12/ransomware-attackers-take-aim-at-law-firms/

[2] Loughnane, John. “2020 Cybersecurity.” Americanbar.org. American Bar Association, October 19, 2020. https://www.americanbar.org/groups/law_practice/publications/techreport/2020/cybersecurity/

[3] Dalton, Brian. “Law Firms Stagger through Ransomware Attacks.” Above the Law, November 2, 2021. https://abovethelaw.com/2021/11/law-firms-stagger-through-ransomware-attacks/

[4] “5 Cybersecurity Risks and 3 Obligations for Law Firms.” The National Law Review, July 8, 2021. https://www.natlawreview.com/article/5-key-data-privacy-and-security-risks-arise-when-organizations-record-job-interviews

December 10, 2021

INTERVIEW: How COVID Changed the Courtroom (and the Future of Law)

When COVID-19 struck the United States in January of 2020, every industry in the United States (and, really, the world) was shaken. It forced everything from mom-and-pop restaurants to the largest law firms to send employees home, left to their own devices to figure out how to run a business from miles away. This problem was particularly evident for those in the legal industry. As the pandemic continued into April, firms began to take drastic measures in response to decreased demand for legal services. Many law firms opted for pay cuts, in an attempt to save as many jobs as possible. However, some firms were still forced to lay off paralegals, attorneys, and other legal professionals^[1].

While the demand for legal services subsided at the beginning of the pandemic, there was no decrease in the need for legal services^[1]. After all, the pandemic provided a bevy of new legal questions that attorneys and clients alike had to ponder. So, while people weren’t speaking with lawyers during the height of the COVID-19 pandemic, a backlog of people needing legal help was growing quickly. Although business was down during the height of the pandemic, two attorneys, Nancy Rapoport and Joe Tiano Jr. predicted that the pandemic would only cause temporary struggles for the legal industry, while also forcing old-school firms to innovate.

Nancy is the Garman Turner Gordon Professor of Law at the William S. Boyd School of Law, University of Nevada, Las Vegas (UNLV), and Joe is a former lawyer turned businessman who founded Legal Decoder, a legal tech software that optimizes efficiency and pricing uncertainty. Together, they authored The Legal Industry’s Second Chance to Get it Right, which foresaw the legal industry’s comeback in February 2021, and they offered their insight on the future of law in an exclusive interview with AXEL.

How COVID Changed the Courtroom

“All of the stuff that we thought we knew about the practice of law has been wrong,” Rapoport says. Regarding the pandemic, she says, “it gave us a chance to rethink what a law practice should be.” While nearly every industry had to learn new things like Zoom meetings at the beginning of the pandemic, legal professionals faced unique challenges.

“The inability to read a witness’s or deponent’s body language … Doing it over Zoom is a challenge,” Tiano said. “You can’t read body language. It’s kind of hard to see inflections … It had to be an enormous hurdle for any lawyers who’ve been practicing the same way for decades.”

In addition to these remote depositions, the COVID-19 pandemic introduced new ethical dilemmas for legal professionals as well.

“There are now cases saying ‘Lawyers, stop texting your clients’ answers.'” says Rapoport. She describes a case where attorneys would communicate with witnesses during testimony through email, an impossible task to pull off in a physical courtroom. “No one does that because it’s unethical, but now we have to come up with all of these new ways of dealing with court and mediations, bringing people into separate rooms, dealing with witnesses.”

The Legal Industry’s New Challenges

Even before COVID-19, some observers predicted a radical change in how firms charge their clients^[2]. For years, law firms big and small have used the “Billable Hour” model, a simple formula where a firm charges the client a certain cost per hour. Put simply, “[the billable hour] is the economic model upon which a law firm operates,” Tiano says.

After the pandemic hit and the demand for legal services dropped, many predicted that this radical change would finally occur. However, the industry-wide shift to alternative pricing agreements never came, even with the massively decreased demand for legal services at the beginning of the pandemic. But why didn’t alternative pricing become the norm, especially in a time as volatile and tumultuous as the pandemic? As Rapoport humorously puts it, “the billable hour is easy for lawyers because we’re not good at math.”

But just because it’s the most common pricing agreement doesn’t mean it’s the most efficient. “If we used data and we figured out other ways to value delivery of services, we’d all be better off,” Rapoport says. “[The billable hour model] encourages piling on of work, and it encourages slow work, neither of which a good lawyer should want to do. But if that’s the reward system, it’s very hard to break away from that. I would love to see people use data better, to rethink how they adjust the value to clients.” As Tiano succinctly puts it, “there’s a fallacy that every hour is equal in value.”

In addition to the continued use of the billable hour, law firms also face new challenges related to the rise of at-home work. “One of our biggest worries is how the newest professionals are going to get trained and socialized,” Rapoport says. A common problem among many offices since the pandemic, the lack of socialization for new employees can affect everything from office camaraderie to firm loyalty. And with at-home work becoming more and more normalized, these anxieties that firms and businesses face are unlikely to go away any time soon.

Finally, as the pandemic wanes and legal demand increases, law firms face a unique problem: “One of the biggest challenges that firms are having today is keeping their personnel, because they have too much work,” Tiano says. Although the legal industry started to bounce back when COVID vaccines became readily available, the industry soon came across new problems. The sheer amount of work has caused firms to lose personnel, risking the continuation of the legal industry’s comeback after COVID-19.

Legal Tech: Tool or Replacement?

Rapoport and Tiano see the benefits of legal software as complementary, but are skeptical about the technology replacing skilled lawyers regarding the ever-growing legal tech industry. As Rapoport says, “there are some things that computers are better at than lawyers … They can do things all day long in nanoseconds.” There is no shame in using the tools available to lawyers, especially if it helps increase efficiency. However, Rapoport warns that “if we’re not careful about how we use technology, we’re going to create a generation of untrained professionals who will become senior without knowing how to do things.”

“We’ve got to make sure technology augments what lawyers do, rather than replacing the skills that lawyers uniquely bring to the table,” Tiano says. “It’s very difficult to counsel a client from a legal, psychological perspective if you’re a piece of software.”

However, just because Rapoport and Tiano see legal tech as a complementary tool for quality attorneys does not mean that technology won’t replace second-rate lawyers. Rapoport warns: “For lawyers who are good counselors, there’s no software in the world that replaces that. For lawyers that fill in the blanks, their days are numbered.”

The Future of Law

Legal tech is unlikely to replace every lawyer any time soon. As Tiano says, “I don’t see technology replacing lawyers. I see it amplifying what lawyers can do and supplementing their processes.” But just because your next traffic court lawyer is unlikely to be a software program doesn’t mean legal tech can’t help lawyers increase efficiency. Legal tech saves firms and clients both time and money. It’s a valuable tool that, when used correctly, can help clients and firms in a myriad of ways.

[1] Wittenberg, Daniel. “The Pandemic’s Dramatic Effect on the Business of Law.” Americanbar.org. American Bar Association, October 28, 2020. https://www.americanbar.org/groups/litigation/publications/litigation-news/business-litigation/the-pandemics-dramatic-effect-the-business-law/

[2] Ambrogi, Bob. “Guest Post: Beating the Alternative – Why the Billable Hour Is the Truest Representation of Cost.” LawSites, August 25, 2021. https://www.lawsitesblog.com/2021/08/guest-post-beating-the-alternative-why-the-billable-hour-is-the-truest-representation-of-cost.html

July 30, 2021

Lawyers are the New I.T.: Tech Tips for Legal Professionals

As workplaces embrace modern technology more than ever before, knowledge of that technology is essential. No matter your job, employees must possess some amount of technical skill in order to maintain efficiency and complete their tasks. Even the most traditional law firms in the United States use some amount of technology. However, no matter if you work at a more traditional firm or one that has gleefully embraced legal tech, we can all become more advanced and efficient with our technology.

From increasing efficiency to protecting your business (and your clients), these tech tips will help ensure your firm is offering the very best.

Embrace New Tech

This may sound simple, but embracing new technology is one of the best ways to stay efficient and safe in the workplace. No, you don’t have to buy new computers every six months, but being aware and researching new programs can give you an edge over the competition. Find out what software can help automate your tasks, or what legal tech program saves your firm valuable time.

The best businesses are all embracing the technology that is available to them. However, change can certainly be scary. After all, many of us learned to work from home, using new software and programs that we weren’t used to. It was undoubtedly stressful to learn so many new programs in a short amount of time. But after a bit, we got used to it. We mastered the new technology, and are more efficient and successful because of it. Using new technology can be daunting, but it undoubtedly helps yourself and your business in the long run.

Update, Update, Update

Updating your software is one of the most important (and easiest) tech tasks to complete. We’ve all seen them and occasionally ignore them. Restarting a device in the middle of a workday can certainly be annoying, but it’s vital to do so. Software updates patch security holes and other vulnerabilities in your software. And as we’ve seen with the numerous ransomware attacks this year, cybercriminals will find these vulnerabilities and exploit you and your business without hesitation. Updating your operating systems and security software will give you more protection against these threats.

Take Advantage of Free Trials

Many legal tech providers offer free trials of their products for firms. Use them! Test out new programs often to see if it works for your firm. Don’t become complacent simply because you’re used to a certain software. If there’s software that fits your firm’s needs better, try it out.

Technology has never been stagnant; it advances quickly, and new programs that maximize efficiency can come quickly as well. Being open-minded about new programs and software will help ensure your firm is as efficient as possible. Of course, this doesn’t mean you should change your entire firm’s software every week, but learning about and testing out new programs will keep you knowledgeable about the technology that could potentially help your firm. And when a new program comes out that works perfectly for your workplace, you’ll be the first to take advantage of it.

Learn Your Technology

Most of us know the basics of computers and common software, but there are so many more things to learn. From the classic “Ctrl + C” and “Ctrl + V” for copying and pasting to the most advanced Excel commands, there are so many ways to maximize efficiency with shortcuts. Take an afternoon to learn and practice shortcuts that can help your efficiency at the office. And when your business upgrades to new software, learn that software quickly as well! Learning the ins and outs of programs can save you hours per day, leaving more time available for other projects.

In addition to learning about your technology, you should learn what to do when the technology suddenly stops working. From Internet outages to hardware malfunctions, be aware of common troubleshooting techniques to help prevent costly, efficiency-killing problems throughout the office. Learning these techniques can save you both time and money.

Backup Your Documents

Unfortunately in today’s digital era, online documents are constantly in jeopardy. Security holes, data breaches, and cybercriminals all pose a threat to data in the cloud. The solution? Make sure your data is available offline. This means putting your documents (yes, all of them) onto a physical hard drive, safe from online dangers.

In addition, you should update your hard drive often. Don’t make it a one-and-done task; update your hard drive monthly. This ensures that all of your data, including your most recent documents, are safe and secure from cybercriminals and ransomware attacks. After all, they can’t hold your data hostage if you already have it offline. So while this is a monthly task that takes some time, it gives yourself and your business peace of mind, with the knowledge that your data will always be available.

Encrypt Your Data

Finally, to truly protect your data, encryption is the way to go. Encryption changes your data into a code, and can only be accessed with a “key” to that code. This means if hackers got ahold of your encrypted data, they would have nothing of value. It really is the ultimate form of protection from cybercriminals and data breaches.

However, not all encryption is built the same. For example, AXEL Go, AXEL’s file-sharing and cloud-storage software, offers industry-leading AES 256-bit encryption. While 256-bit encryption may not sound impressive, in practice, it is astoundingly secure. The number of potential combinations to find the “key” is a massive 78-digit number. Experts estimate it would take the world’s fastest supercomputer billions of years to find the encryption key. So even if thieves got their hands on your encrypted data, it’s worthless to them, but usable for you.

Get Two Free Weeks of AXEL Go

If you’re ready to embrace new technology and protect your data, try two free weeks of AXEL Go. AXEL Go is a file-sharing software with an unwavering focus on security. AXEL Go lets employees share, store, and collect documents securely, all in a simple, easy-to-understand user interface. Offering blockchain technology, military-grade encryption, and digital “shredding,” AXEL Go offers the perfect marriage of simplicity and stringent security. To try AXEL Go for free for two weeks, click here.

April 20, 2021

Common Pitfalls when Attorneys Adopt New Technology

The legal industry faces unique challenges to the adoption of new technology and digital transformation efforts. This article will discuss the most typical obstacles and introduce a framework that will help firms analyze whether a new tech solution is likely to integrate successfully.

Impediments to technological progress in the legal sector

Time investment. As you likely know, being an attorney isn’t a regular 9-5 job. A recent survey claims lawyers work an average of 66 hours per week[1]. That’s like a typical full-time and part-time job combined. So, all but the largest firms with dedicated IT teams can’t afford to spend too much time implementing new technology. Small firms and solo practitioners simply don’t have the resources to research, test, and deploy complex tech solutions.

Cybersecurity and confidentiality concerns. Legal professionals have needs that go above and beyond the average office worker when it comes to digitization. Due to attorney-client privilege and the ethical responsibility to maintain data security, attorneys need to be extra careful when upgrading their technology. They may have to look for approved ‘legal tech’ solutions when off-the-shelf consumer products don’t meet these standards.

The “billable hour” issue. Although there may be a shift in billing practices in a few firms, most still rely on the time-tested “billable hour” method. It may seem like a paradox, but the increase in efficiency new tech can bring might actually reduce a firm’s profitability due to fewer billable hours plus the cost (initial and ongoing) of the technology itself. While an increase in clients due to more free time could offset this problem, the demand for legal services, especially in less populated regions, probably won’t rise at the same rate.

The partnership model. The traditional hierarchy of law firms puts the “partners” at the top. Depending on the organization’s size, many decision-makers would need to approve any new legal tech initiative. This alone makes it an uphill battle, but add in the fact that partners tend to be older people who may not see technological advancement as a priority, and it becomes a serious deterrent. Obviously, this is a much more significant obstacle at larger firms, but any practice will multiple partners could face a difficult situation.

The “ignorance is bliss” dilemma. Solo practitioners and small firms don’t have the resources of their more massive brethren. This means that tech policies and solutions mega-firms implement have a hard time trickling down. Unfortunately, this can lead to solo practitioners developing an “ignorhttps://www.axel.org/the-10-worst-data-breaches-of-the-decade/ance is bliss” mantra, even if they don’t necessarily believe that to be the case.

For example, whereas large organizations may completely ban the use of insecure applications such as Dropbox for confidential file transfer or storage, smaller practices could still use them due to familiarity. They don’t search out current best practices for data storage because they may fear switching and disrupting their workflow.

While this is an understandable reaction, we urge attorneys to push through this bias for their own sake. After all, if a serious data breach occurs and the lawyer has not lived up to their ethical responsibilities, it becomes an even worse situation.

The innovation-decision process

We recommend running through the innovation-decision process before making conclusions about a particular technology’s viability for your firm. This process goes as follows:

Assess comparative advantage. Does the new technology offer a substantial upgrade to your current systems? Define these advantages and review the overall impact they will have.
Analyze compatibility. Does the solution fit into your existing workflow? If not, what resources will you need to allocate to adapt your business practices?
Consider complexity. If you do need to adapt, calculate the cost-benefit analysis (not just financial, but also psychological) of doing so. Will it be a complicated endeavor? Do the results outweigh these complexities?
Evaluate trialability. See if the vendor offers any sort of trial or demo. You can test out the solution, receive critical feedback and preliminary effectiveness metrics before committing to the entire project.

If you go through this process and discern that the tech is worth using, you will be much more confident in the solution and have a greater chance for success.

Your firm and AXEL Go

While the decision will still be challenging in many instances, sometimes the Universe serves up a no-brainer. AXEL Go is a secure, private file-sharing and cloud storage solution that overcomes the common obstacles and scores well on the innovation-decision process.

With the sudden shift toward working remotely, many attorneys find themselves in need of an easy-to-use file-sharing application that can fit seamlessly into their legacy workflow while providing more robust data security. AXEL Go is the perfect solution for any such lawyer. It has many innovative advantages, including:

Industry-leading security. AXEL Go runs on a secure, decentralized network that features blockchain integration and file encryption. Documents stored on the network go through a process of “digital shredding,” where only the uploader and recipient (if there is one) have access to the complete file.
Secure Fetch. Think of it as a digital courier. You send a secure, encrypted link to a recipient and request certain sensitive documents. They upload the necessary files, and you receive a notification for download. Recipients do not need AXEL Go accounts, meaning you don’t have to badger clients or colleagues to sign up for new services or software. You get to meet data security guidelines without any hassle or inconvenience.
Microsoft Outlook integration. You can now send confidential data via email without having to rely on insecure attachments. Using our Outlook plugin, you can send fortified AXEL Go links directly in an email with the click of a button. It’s a simple process that fits within traditional workflows.

With partnerships with the State Bars of states such as Connecticut, Florida, Nevada, and Georgia, it’s fair to say the legal community sees the unique value proposition AXEL Go offers.

According to a 2021 survey by ALM[2], 56% of legal teams consider “data privacy and security” as their primary focus for 2021. It makes sense when you understand the high probability of attempted hacks and data breaches every firm faces today. Don’t just wait around waiting for the inevitable. Be proactive and protect your most sensitive information with AXEL Go.

If you’re interested in seeing it in action, you can enjoy a completely unlocked trial of our Premium service for 14-days. Sign up today and see the AXEL Go difference for yourself.

[1] “How Many Hours A Week Does A Lawyer Work?”, careerigniter.com, https://www.careerigniter.com/questions/how-many-hours-a-week-does-a-lawyer-work/

[2] “What Do Legal Professionals Expect From 2021?”, Mitratech.com, 2021, https://mitratech.com/resource-hub/whitepapers/alm-survey-legal-tech-plans-2021/

February 5, 2021

How Remote Work Affects the Legal Profession

The lockdowns and restrictions caused by the coronavirus pandemic transformed the way people work. This is especially true for legal professionals, as attorneys used to long hours in the office and courtroom were mandated to work from home. It was a considerable departure from business-as-usual and resulted in significant ramifications for the industry.

A unique sector

The legal industry is a notorious laggard when it comes to embracing technological advancements. And, for good reason too! Who would want to go digital after sparing no expense on all those leatherbound legal tomes that look so classy adorning the office bookshelf? Kidding aside, it’s true; in 2018, over 80% of Legal Departments claimed they were unprepared for digital transformation[1]. While late 2018 may seem like eons ago after spending the past year cooped up, it was well after most industries embraced the advantages of increased digitalization.

Then, the pandemic hit, and law firms scrambled to condense a decade’s worth of technological evolution into a few months. With nearly all organizations experiencing problems due to COVID-19, it is not surprising that the legal profession was especially susceptible. It’s easy to argue that this accelerated implementation is a good thing in the long run, but let’s look at some of the short-term growing pains.

Increased cyber attacks

Law firms are already high-priority targets for hackers due to their business’s inherently confidential and sensitive nature. The fact that firms had to switch to remote working basically overnight exacerbates this problem. Whereas traditional cybersecurity deals with setting up and maintaining perimeter defenses, what happens when there is no longer a definable perimeter?

Attorneys in the same practice are now spread out throughout their regions. Some may only use approved devices to do work, while others skirt guidelines and conduct business on their personal phones, tablets, laptops, or PCs. Some firms may not even have concrete policies in the first place! These significant discrepancies increase the attack surface for malicious agents. It’s unlikely that the IT department or third-party cybersecurity firm can monitor every single device each lawyer will be using. This unfortunate dynamic resulted in more instances of:

Phishing. Scammers posing as legitimate colleagues or clients send emails or other forms of communication to trick victims into clicking malware-infested links and attachments. Phishing attempts rose across the board last year, with some analysts claiming an increase of 85% over pre-COVID levels[2].
Ransomware. Once threat actors compromise a computer system, they often attempt to install ransomware. This type of malware encrypts as much data as it can find on the system, then the hacker group responsible for the attack demands a ransom to restore it. Incidents of ransomware rose significantly in 2020[3], with high-profile attacks such as the one against celebrity law firm Grubman Shire Meiselas and Sacks. In that case, hackers demanded a $42 million (!) ransom, which, when left unpaid, resulted in privileged client data leaked to the Dark Web[4].

Slower data breach detection

Due to many of the same variables mentioned above (lack of consistent monitoring, use of unapproved hardware, users spread across a wider geographic area), remote work increases the time it takes to detect data breaches. In an IBM survey, 76% of respondents agreed with that conclusion[5]. In the field of Law, where cybersecurity budgets are already stretched thin, this is a major issue. Slower detection times can mean more time for hackers to map out networks, leading to more inaccessible files, higher ransoms, and larger overall breaches that can irreparably damage a practice’s reputation.

Shifting job expectations

Attorneys (especially Junior or mid-level ones) typically have pretty rigid schedules and expectations. The pandemic has thrown this into flux. Lawyers with children are the most affected. If the parents are working from home, chances are the kids are distance learning too. This means that professionals who usually have a large window of the day’s time blocked off specifically for their career now have to share that time with parental duties.

Firms must meet these new requirements by allowing for schedule flexibility or even reduced workloads. Otherwise, an already-stressful occupation becomes unmanageable, leading to poor performance.

Disrupted development tracks

Younger attorneys gain experience and learn on-the-job. Working from home can stunt their professional growth and take away otherwise organically-appearing opportunities. This is because they lose the ability to attend events such as hearings, depositions, witness meetings, and more with their experienced colleagues.

It also prevents interactions with senior attorneys in the office or courthouse halls. This can adversely affect the chances of a helpful mentorship and important professional relationships. While digital correspondence and interaction are possible, many parts of an in-person exchange cannot be replicated on a Zoom call or email.

Ways to deal with these issues

In a time with reduced revenues, investing in large-scale cybersecurity projects is probably not a viable option. So, while hiring more IT professionals or a dedicated SOC-as-a-Service (Security Operations Center) company to shore up your networks is a great idea, it may not be possible. We recommend implementing other low-cost suggestions to protect your organization.

Ongoing cybersecurity training. Most of the time, organizations can avoid data breaches by training employees on the basics of cybersecurity best practices. Consult with your IT team and construct an ongoing curriculum that informs your team how to spot phishing emails and what policies your firm has in place regarding data sharing, personal device usage, and more.
Require strong passwords and 2-Factor Authentication (2FA). Prevent brute force attacks by requiring team members to set up strong, phrase-based passwords. Then, mandate 2FA for all logins to firm networks through unrecognized hardware. Unless you’re dealing with extremely sophisticated hackers, these two no-cost solutions offer excellent protection.
Vet new software and cloud solutions. If your practice didn’t allow working from home previously, chances are you’ll need to invest in some cloud or enterprise solutions. Make sure you use trusted vendors with documented cybersecurity safeguards. Remember, your system is only as strong as the weakest link. A lesson that law firm Goodwin Procter recently learned when hackers breached their third-party file transfer vendor[6].
Utilize data encryption. Encrypting your data is essential these days. Strong encryption means even if malicious agents could breach your system and access information, it wouldn’t be useful or even viewable unless they had the decryption key.
Implement Access Controls. Everyone in your organization doesn’t need access to all the potential files on the network. While it might take some work to segment and decide individual permissions, doing so promotes resiliency. It means that if someone is able to hack a low-level employee, they don’t automatically gain access to highly confidential information.
Have a mitigation plan. As of 2019, 25% of firms have experienced a data breach, and 36% report malware infections. Knowing this, a mitigation plan is crucial. All of the top-level decision-makers need to get together and agree on a roadmap for damage reduction. It could be the difference between an unfortunate blip or the complete loss of client trust.
Remain flexible. As we’ve seen, cybersecurity is only a part of the work-from-home equation. Firms also need to ensure their lawyers are in a good mental state and in a position to provide high-performance to their clients. This may mean making some changes regarding work schedules and workloads. Allowing this flexibility can actually be a good thing for clients as well, as perhaps some of their schedules will line up better this way.
Facilitate interactions. Don’t neglect the everyday interactions that make practicing law special, especially for your junior attorneys. Perhaps you could set up office hours with the senior team or have an open Zoom room for your organization where everyone has to check in daily to preserve basic socialization.

These trying times present new challenges every day. Your organization can weather the storm and come out better for it on the other side. Take the situation seriously and evolve intelligently, and you’ll be fine.

Protect your documents

Having a trusted data transfer solution is critical to protecting your firm’s and clients’ confidential information. As the situation with Goodwin Procter confirms, your organization needs a vendor committed to preventing hacks.

AXEL Go is a cloud file-sharing and storage solution that puts security and privacy first. It runs on a decentralized and distributed network that is resilient to breaches. All data transferred via AXEL Go is split into smaller pieces called ‘shards’ and spread across many secure servers. Your files can also be protected using AES 256-bit encryption, ensuring industry-leading data security for your most sensitive documents. If your firm needs a data transfer and storage solution, contact us today to discuss your needs and schedule a demo.

[1] Rob van der Meulen, “Gartner Says 81 Percent of Legal Departments Are Unprepared for Digitalization”, Gartner, Dec. 12, 2018, https://www.gartner.com/en/newsroom/press-releases/2018-12-12-gartner-says-81-percent-of-legal-departments-are-unprepared-for-digitalization

[2] Phil Muncaster, “Experts Detect 30,000% Increase in #COVID19 Threats”, Infosecurity Magazine, Apr. 27, 2020, https://www.infosecurity-magazine.com/news/experts-detect-30000-increase/

[3] “Mid-Year Threat Landscape Report 2020”, BitDefender, 2020, https://www.bitdefender.com/files/News/CaseStudies/study/366/Bitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf

[4] Akshaya Asokan, “Ransomware Gang Demands $42 Million From Celebrity Law Firm”, Bank Info Security, May 16, 2020, https://www.bankinfosecurity.com/ransomware-gang-demands-42-million-from-celebrity-law-firm-a-14292

[5] “Cost of a Data Breach 2020”, IBM Security, 2020, https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/

[6] Meghan Tribe, “Goodwin Procter Says It Was Hit by Data Breach of Vendor”, Bloomberg Law, Feb. 2, 2021, https://news.bloomberglaw.com/us-law-week/goodwin-procter-says-it-was-hit-by-data-breach-of-vendor

August 21, 2019

Why Data Breaches are so Damaging and how the Law has Failed Consumers

Very few times in history have a group of people sat down with the purpose of writing a set of new laws to improve society. Instead, what usually happens is that laws are written to solve specific problems. This leads to a litany of laws piling up over the decades. While it could always be debated how effective a particular law might be at accomplishing its goal, the rapid pace of technological advancement over the past 20 years – especially as compared to the pace of the lawmaking process – has introduced new challenges as laws become quickly outdated, sometimes even by the time they take effect.

The results of this are acutely apparent in the cross-section between the fields of cybersecurity and consumer protection, namely data breaches.

The magnanimity of consumer protection laws in the United States were written for a society concerned with immediate product safety and compensation for resulting injuries, not for the nebulous and incalculable injuries that may be sustained by potential millions when private records are exposed.

Why are data breaches so damaging?

The unique problem of data breaches stems from the fact that the breach of privacy carries in of itself no specific harm. Instead, it is the later misuse of information that has been breached that may lead to ensuing harm. However, with data breaches occurring on a near-daily basis, the causality of specific financial or reputational damage is nigh impossible to link to a single breach causally; with our laws written around the concept of calculable damages being the source of justified remuneration, we are left constantly and increasingly victimized but unable to seek just compensation.

Some would argue that even more problematic is the irreparable nature of many of the most severe data breaches. Once a name and social security number are leaked, that identity is permanently and irreversibly at risk for being used fraudulently. While one could always apply for a new social security number, the Social Security Administration is extremely reluctant to issue new identities, and while that is a debate for another time, it goes to show just how difficult it can be to recover from a breach. Victims are permanently marred and at increased risk for future injuries resulting from a single breach, no matter how much time has passed.

Because of the damage resulting from a data breach being so far removed temporally and causally from the actual breach itself, adequate compensation is rarely won, if it is even sought. Was it the Equifax breach, the MoviePass breach, or one of the innumerable other breaches this year that resulted in your identity being stolen and used to take out fraudulent loans a decade from now?

Moreover, even if you should find that it was MoviePass’ negligence that leads to your identity being stolen, what compensation can you seek from a company that has been defunct for years? Our laws were not written to address these issues adequately. Our legal system often does not ponder questions of uncertainty and possibility, and that’s the perfect summary of what victims face in the aftermath of a breach; uncertainty and possibilities.

For all the uncertainty victims face, the solutions going forward as a country are equally opaque.

It would be easy to write some draconian law to punish companies for exposing private data, but as is often the case, that could have unintended consequences, such as pushing data overseas where even looser security and weaker privacy laws may exacerbate the problem. Instead, it’s going to take a significant shift in our collective-consciousness over how data is handled.

Laws written for managing telecommunications and transmissions in that era are being used to handle complex cybersecurity and data privacy cases.

This can’t come just from one party though; companies need to seriously consider what data they need to collect, and what information needs to be retained on a long-term basis. Consumers have to take ownership of their data and demand a higher quality of service from corporations and governments over how their data is collected and used.

As a whole, we must recognize the value of data, and the dangers we expose ourselves to by collecting it (and why it might even be best to not collect data at all in many circumstances).

Just like holding valuables such as gold and art entails a security risk, so too does data. If people started treating data like the digital gold it really is, maybe then we could all come together to work out a solution.

But until then, I’ll be keeping my data to myself.