“What to Do When Your Data is Breached?” by Sharon Nelson, John Simek, and David Ries was featured in the March 2018 issue of the San Bernardino Bar Association Bulletin.
Excerpt: “When, not if.” This mantra among cybersecurity experts recognizes the ever-increasing incidence of data breaches. In an address at a major information security conference in 2012, then-director of the Federal Bureau of Investigation (FBI) Robert Mueller put it this way: “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Mueller’s observation is true for attorneys and law firms as well as small businesses through Fortune 500 companies. There have now been numerous reports of law firm data breaches. The FBI has reported that it is seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple (like those resulting from a lost or stolen laptop or mobile device) to highly sophisticated (like the deep penetration of a law firm network, with access to everything, for a year or more).