Excerpt: We deliberately chose the title “When Your Firm Suffers a Data Breach,” not “If.” This is consistent with an oft-repeated mantra in cybersecurity today (“when not if”) that recognizes the ever-increasing incidence of data breaches. Robert Mueller, then the FBI Director, put it this way in an address at a major information security conference in 2012:
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
This observation is true for attorneys and law firms as well as companies. There have now been numerous reports of law firm data breaches. The FBI has reported that they are seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple – like a lost or stolen laptop or mobile device – to highly sophisticated – like a deep penetration of a law firm network, with access to everything, for a year or more.