Cybersecurity Alert: Data Breaches Can Happen to Anyone
on February 5, 2021
Yet another law firm has become a victim of a data breach attack. This time an internationally known AM Law 200 firm with its own privacy and cybersecurity practice group was a victim of a data breach stemming from a vendor it uses to transfer large files.1 The vendor’s security was compromised and, as a result, clients who used the file transfer service were impacted.2
This breach should serve as a reminder that no industry, no profession, and no company is safe from the risk of a data breach. This is precisely why it is so important to conduct proper pre-breach planning and have a response protocol in place in the event of a breach. In this case, the law firm that was breached was able to mitigate the damages to itself and its clients by taking immediate steps to disconnect from the compromised services, hiring outside forensic experts, and investigate the extent of the breach.3
Although planning and taking precautions help limit the risk of being breached, it cannot insulate you from the threat. Your vulnerability extends beyond your own risks and exposures to any third party that handles data for your company. In fact, a 2018 study by Opus and Ponemon Institute found that 59% of companies experienced a data breach linked to a third-party vendor.4 Therefore, it is important to ask questions of prospective vendors up-front related to their cybersecurity measures to minimize risks and losses. A recent article published by Forbes highlights eight questions to ask when choosing a vendor.5 Brouse McDowell also outlined seven tips for companies to prevent data breaches in a July 24, 2019 Corporate TIPS Blog “Tips for Preventing Data Breaches.” Advisors and clients alike need to be vigilant in putting in place the proper precautions, and also ensuring you have a plan to deal with the loss and mitigate the damages.
Advisors such as law firms and accounting firms are targets for hackers because of the sensitive information they often have. It is imperative that everyone remains diligent in protecting your data.
When in doubt, ask Brouse for help.
If have questions about whether you are protected or prepared in the event of a data breach our team is here to help. We offer a variety of services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
1 Tribe, Meghan. “Goodwin Proctor Says It Was Hit by Data Breach of Vendor (1).” Bloomberg Law, 2 February 2021, https://news.bloomberglaw.com/us-law-week/goodwin-procter-says-it-was-hit-by-data-breach-of-vendor.
4 “Data Risk in the Third-Party Ecosystem: Third Annual Study,” A Ponemon Institute Study, Sponsored by Opus, November 2018, https://www.ponemon.org/userfiles/filemanager/nvqfztft3qtufvi5gl60/.
5 Beenu Arora. “Eight Cybersecurity Questions To Ask When Choosing A Vendor,” Forbes.com, 28 September 2020, https://www.forbes.com/sites/forbestechcouncil/2020/09/28/eight-cybersecurity-questions-to-ask-when-choosing-a-vendor/?sh=332cc14b1b8c.