U.S. officials say Chinese hacking of law firms is more prevalent than you might think. Why? Hackers stand to gain millions of dollars.

From 2016, here’s a case-in-point: Three Chinese hackers were criminally charged with trading on confidential information after being charged with breaking into the email servers of New York law firms working on corporate mergers.

Prosecutors says the three made over $4 million after making trades in stocks after gaining insider information from law firms on mergers.

The case is U.S. v. Hong et al, U.S. District Court, Southern District of New York, No. 16-cr-360.

The mergers included Intel and Pitney Bowes.

Epidemic proportions

This is not an isolated case. U.S. officials warn many law firms are to blame when it comes to data hacks by not paying for cybersecurity or haven’t made it a priority.

When they happen, data breaches at law firms take no more than minutes but cost millions.

Thieves can steal everything from corporate secrets to intellectual property, and harm the clients’ systems, too.

This is the growing concern as data breaches continue to increase in frequency and damage.

Too-few precautions

Law firms are accused of not devoting the staff, the scanning time, or the training to make sure that they do what they can to decrease vulnerability.

But if hacked, a law firm can lose clients, have its reputation damaged, and be liable, too.

Because law firms handle sensitive client information, some which is global, you might think the legal profession has unique security challenges.

But the cybersecurity risks faced by law firms are not different than the rest of society. Law firms are not terminally unique.

It takes a team approach for a law firm or any organization to guard against the skyrocketing rate of cybercrime. That means cybersecurity training for all employees.

Here are the four typical risks:

1. Phishing, also known as hacked email accounts

Even if lawyers use Dropbox or DocuSign to connect their emails, cybercriminals aren’t easily thwarted. They’ve become very sophisticated in the art of fooling attorneys.

Hackers can be persuasive in convincing attorneys in various phishing techniques. They are creative in color schemes and graphics to masquerading as sign-in screens.

Solutions include using a authoritative password managers with different passwords for online tools and email addresses, and applying two-factor authentication with a unique designated phone number, not the attorney’s or the law firm’s. In all, there are eight solutions to avoid being victimized by phishing scams.

2. Ransomware attacks

That’s when hackers invade a firm’s computer files, secure them, and make the victim pay a ransom to get the files back.

Solutions include immediately contacting file recovery experts. Then, of course, then take key measures to prevent ransomware.

3. Leaking of sensitive data

There many ways for firms to lose confidential information.

One way, is social media when employees use firm computers to access social media. They must implement five safety measures to prevent a social-network attack.

Hackers, for example, know how to exploit firms in document tagging, in which automation could help. So, it behooves firms to invest in artificial intelligence as a prevention measure to spot and repair the weaknesses.

4. Malpractice allegations

There are many ways clients might allege that a firm has failed to make cybersecurity an adequate priority. Indeed, published reports indicate that a significant number of firms has been hacked.

Even some enlightened law firms might think that harnessing the cloud is sufficient. To pardon a pun, this is isn’t always the case. For risk management, it’s important to pick the best cloud storage provider.

Finally, if you’re looking for the nation’s leading expert on digital security, my unsolicited and uncompensated recommendation is the go-to expert, Stan Stahl, Ph.D., at citadel-information.com.

From the Coach’s Corner, here are more cybersecurity resource links:

4 Values to Hire Best Security for Today and the Future – Naturally, with all the cyber-security scandals, it’s increasingly vital to hire the right personnel to protect your business data. Not only is it imperative to deal now with current cyber threats, but to protect your business in future years.

Best Practices to Buy Cyber Insurance for Business Security — Security has become problematic in all sectors – business, nonprofits, government, politics and individuals. The aggregate financial losses are so staggering, cyber insurance is a necessity.

Skyrocketing Cybercrime Calls for 8 Strategies to Manage 3rd Party Risks — Daily data breaches have become the norm in news headlines. We’re also hearing a lot about third-party risks being a chief culprit in cybercrime. Your business associates might be bigger risks for data breaches than you realize, too. Here’s why and what you can do.

Protect Your Financials, Systems and Technology with 15 Tips — Cybercrime has skyrocketed and is projected to get much worse. At risk is the health of your company as well as the welfare of anyone with whom you do business. Here’s how to protect your customers and your reputation.

“Opportunity makes a thief.”

-Francis Bacon


Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.