Earlier this year, over 40 law firms in North America were victims of a group of what many believe, were Russian online hackers, bent on scrummaging terabytes-worth of data for insider trading purposes and other malicious intent. Most of these firms did not even know they were targets, nor did they realise there was a breach in their data, until a full-scale investigation was conducted.

These were no ordinary firms. They were specifically targeted for the kind of work they do and the type of clientele they represent. They were large, successful firms that poured millions a year into protecting their data, and if these big-brand firms were so easily targeted, what more firms of smaller sizes.

The legal profession in Malaysia is no different. Just as with their American counterparts, our law firms too, are built on the trust that exists between practitioners and clients. Lawyers and law firms are inherent protectors of their clients, and the very sensitive and vital information there is. This information needs to be fiercely protected, and law firms need to wake up and be smart about data protection, but unfortunately, this is not always the case.

Why The Attack On Law Firms?

Law firms are the guardians of a wealth of information. For example, conveyancers hold every information possible regarding a particular property if they are overseeing a sale and purchase transaction. Family law practitioners hold personal, sensitive data relating to their clients’ personal details, overall wealth, their extensive portfolio, personal property and business dealings. Commercial lawyers specialising in mergers and acquisition possess valuable information such as their client’s financial standings, copyrights and trademarks, future business roadmaps and expansion plans.

Good information and valuable data in this day and age are worth almost as much as gold and currency. The type of data mined from a hack on a law firm can be used for a variety of subterfuge. Insider trading, corporate espionage, identity theft and outright hack of banking accounts are just the tip of the iceberg.

Small to medium-sized law firms are more often soft targets for data hackers as opposed to larger law firms who may have better security systems protecting their data. These firms are much easier to break into and they too have the same valuable information as a larger firm might.

The Cost Of A Cyber Attack

The “Panama Papers” have already claimed the job of the Icelandic Prime Minister and prompted uncomfortable questions for the UK’s (previous Prime Minister) David Cameron. But it should have a much wider impact.

Others named in the documents from law firm Mossack Fonseca include high profile clients around the world.  Overall, 140 politicians and public officials are named, as well as more than 214,000 organisations, according to the International Consortium of Investigative Journalists[1].

The Panama Papers scandal only proved that the breaches in a law firm’s data security can have a wide casted impact – not just for its clients, but also those associated closely with its clients. If confidential data is breached and later on exposed, your clients will be left unprotected. Their personal data, business dealings, and associated business partners will be of interest to many, especially if they are public or prominent figures to begin with.

The firm too will suffer terribly as its reputation will forever be linked to the scandal and further damages will manifest in other ways; loss of current clients as they walk out the door, as well as loss of any future income in the shape of new clients.

What Can Law Firms Do?

You can choose to either continue hiding under your rock and believing you will never be preyed upon online, or you can come out from under that rock and be more vigilant against these crimes. If you think you’re too small a fish, think again! These crimes don’t discriminate the size of their victims, these crimes perpetuate one sole
entity: the information you hold.

In 2014, US based IT security developer SOPHOS ranked Malaysia as sixth globally in terms of cybercrime threat risks, as the total cybercrime bill topped $300 million (RM1.2 billion). What does this really mean? It means that in general, Malaysians have a lackadaisical view of internet and data security. It means that law firms HAVE TO NOW BE more proactive in fiercely protecting the trust put onto them by their clients.

Sole proprietors, small and medium sized firms need to work the hardest here in finding the best-fit solution to secure data. These law firms are believed to understand that the dangers of data breach can happen, but what they lack is an understanding of how best to move forward. Hiring an “IT guy” fresh out college is no longer sufficient. Neither is adopting an Enterprise Solutions Systems as they are expensive, complicated, and just too much for small and medium sized firms.

Once you find your middle ground, develop that plan of cultivating data security on a firm-wide basis. Put your newly formed protocols and operating procedures into a readily available document for all your Partners, Legal Assistants, clerks and support staff to be able to refer to whenever. Delegate a Partner to oversee Firm’s IT protocols – ensure firm-wide participation.


Footnote: [1] https://panamapapers.icij.org