Equifax is one of the single largest repositories of Americans’ most sensitive financial data: Social Security numbers, birth dates, addresses, and more.
And they got hacked.
If you run a law firm of fewer than 10 attorneys or are solo, your computers are probably vulnerable because you hold some of the same personal data the Equifax hackers were looking for.
The hackers were probably seeking information about high-net-worth individuals to defraud. You probably have a lot of the same information in your firm’s system, and you are a much softer target.
140,000,000 Americans were compromised by the Equifax security breach. That means around 60 percent of the adult population was impacted. Clearly, the odds are not in your favor.
Who’s to blame? Well, Equifax is blaming “state-sponsored” attackers. And many cyber experts agree that the tools and methods used in this attack look very similar to those used by Chinese intelligence hackers. The point is that there are hackers all over the globe trolling for personal data.
But it appears that a dispute between Equifax and their security team at Mandiant gave the hackers extra time to evade detection, poke around, and scoop up more data. One thing is clear: even though Equifax invested millions in highly sophisticated security methods, including a dedicated operations center and very expensive anti-intrusion software, something as simple as a dispute with a vendor caused a slight crack in the Equifax system, and the hackers found it and squeezed through.
Hackers are like water; they will flow to the lowest level and into cracks. Regardless of the size of your firm, if there is a little gap or a gaping hole in your system, it’s almost inevitable that a hacker will leak through.
This hit to Equifax’s reputation will undoubtedly mean an erosion of their market share, which will cost them hundreds of millions of dollars. Imagine the cost to your firm’s reputation if your system is hacked.
The Washington Post reports that Equifax has already been hit by dozens of suits from shareholders, consumers and at least one credit union, which could be the first in a long line of financial institutions seeking compensation for losses.
In my book, “How Hackers Can Crush Your Law Firm,” I wrote, “the security of your digital data is so valuable that its importance can’t be exaggerated. The life of your business depends on it.”
ABA: Half of Law Firms Vulnerable
As I stated earlier, law firms often represent high-net-worth individuals. Law firms often represent people with criminal histories. Law firms often represent people who would be at serious financial and reputational risk if their personal data were compromised. Clearly, hackers of all stripes consider law firms a prime target.
But the sad fact is that most law firms are ignoring the risk completely. The ABA reports that half of firms said they had no response plan in place to address a cybersecurity breach.
A cyber-security system for a small law firm is relatively inexpensive. Prices typically start at $149 and go up from there. This will give your firm patented, multi-layered security that proactively stops zero-day malware and ransomware.
Compare that to the indirect costs, like loss of reputation and loss of clients, as well as the out-of-pocket costs for investigation and litigation. These costs can easily be firm-ending.
What Can Your Small Firm Learn From The Equifax Breach?
The questions being asked by Equifax about their breach are the same questions you should be asking about your firm’s system.
Here’s how to tell if you’re using multiple security layers to reduce your risk: Are you encrypting everything? SSL website encryption, email encryption, hard disk encryption AND keystroke encryption? Are you performing a security risk assessment to score your firm at least quarterly? Are you having a penetration test done at least annually to evaluate your security and risks?
Most importantly, the ideal cybersecurity plan for a small law firm should include a solution that stops all zero-day malware and ransomware from writing to the hard disk drive in real time. If the malware cannot drop its payload, it cannot infect the endpoint.
Craig A. Petronella