The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Agile Project Management in the Construction Industry
January 09, 2023 —
Mohammad Saki - AEC BusinessThe linear workflows used in the construction industry, such as the RIBA plan of work, have a history of starting when the previous phases end. The stages in these workflows are often distinct and sequential, and it might be difficult or expensive to go back after a stage is finished. Design reviews are required in this method, which is also known as the “Waterfall,” and they must be completed before moving on to the next level.
Cross-phase iterations are a rare symptom of problems, and the majority of design specifications will be locked early to prevent rework. Additionally, common planning and scheduling methods for the construction industry, like the Critical Path Method (CPM) and Program Evaluation and Review Technique (PERT), lack the ability to represent feedback and iteration in projects because they only permit one-way progression.
As a result, these processes have come under fire for being a linear paradigm that encourages a fragmented approach to project management, and the need for a more iterative procedure has increased.
Read the court decisionRead the full story...Reprinted courtesy of
Mohammad Saki, AEC Business
Alert: AAA Construction Industry Rules Update
June 07, 2021 —
Christopher G. Hill - Construction Law MusingsThe American Arbitration Association has made some needed updates to their Construction Industry Arbitration and Mediation Rules, effective July 1, 2015. Among the changes listed at their website are:
- A mediation step for all cases with claims of $100,000 or more (subject to the ability of any party to opt out).
- Consolidation and joinder time frames and filing requirements to streamline these increasingly involved issues in construction arbitrations.
- New preliminary hearing rules to provide more structure and organization to get the arbitration process on the right track from the beginning.
- Information exchange measures to give arbitrators a greater degree of control to limit the exchange of information, including electronic documents.
- Availability of emergency measures of protection in contracts that have been entered into on or after July 1, 2015.
- Enforcement power of the arbitrator to issue orders to parties that refuse to comply with the Rules or the arbitrator’s orders.
- Permissibility of dispositive motions to dispose of all or part of a claim or to narrow the issue in a claim.
Read the court decisionRead the full story...Reprinted courtesy of
The Law Office of Christopher G. HillMr. Hill may be contacted at
chrisghill@constructionlawva.com
Floating Crane on Job in NYC's East River Has a Storied Past of Cold War Intrigue
January 04, 2018 —
Nadine M. Post - Engineering News-RecordOriginally Published by CDJ on March 22, 2017
The complex maneuver of lifting heavy prefabricated modules out of New York City's East River to build a university laboratory took careful planning and the work of one particular floating crane with a complicated past.
Read the court decisionRead the full story...Reprinted courtesy of
Nadine M. Post, ENRMs. Post may be contacted at
postn@enr.com
Insurance and Your Roof
November 13, 2013 —
CDJ STAFFThose seeking home insurance should look up. Bankrate points out that the type of roof a home has can affect how much it costs to insure it. “The roof is the first layer that wind, hail, wildfire and other hazards really begin to act on,” Tim Reinhold, the chief engineer at the Insurance Institute for Business and Home Safety, told the site.
For insurers, the most problematic roof type is probably wood shakes. “Some companies won’t even insure certain roof types, such as wood shakes, in high fire-risk areas,” said Robert Hunter, the director of insurance for the Consumer Federation of America.
Not that other roof types are problem-free. Metal roofs can corrode, particularly when two different metals touch. Shingles age more quickly than other roof types, becoming brittle, and they can blow off in high winds. Tile roofs are expensive, something insurers are guaranteed to factor into the insurance rates.
Read the court decisionRead the full story...Reprinted courtesy of
Newmeyer & Dillion Announces Three New Partners
March 16, 2017 —
Newmeyer & Dillion LLPNEWPORT BEACH, Calif. – FEBRUARY 7, 2017 – Prominent business and real estate law firm Newmeyer & Dillion LLP is pleased to announce that three of the firm’s attorneys – Ben Ammerman, Anne Kelley and Rondi Walsh – have been elected to partnership. Their promotions are effective immediately.
“The elevation of these three attorneys is a testament to their leadership, hard work, and unwavering commitment to superior service for our clients and the firm,” proclaimed Jeff Dennis, Newmeyer & Dillion’s Managing Partner. “This is an exciting time for the firm as we look forward to their continued success and contributions.”
Ammerman (based in Newport Beach, CA) focuses his practice in the areas of business, real estate, and tort litigation. In addition to his private practice, Ammerman presently serves as a Commander in the Navy Reserve Judge Advocate General’s Corps. He's also an active alumnus, currently named co-chair of the University of Southern California’s 20th Reunion Committee.
Kelley (based in Walnut Creek, CA) concentrates primarily in construction litigation and insurance coverage matters. She has over 12 years of experience working closely with builders, developers, contractors and subcontractors throughout Northern California developing legal strategies specific to the needs of each matter and the client’s business and goals. Kelley has litigated a wide variety of complex insurance coverage disputes.
Walsh (based in Newport Beach, CA) has incorporated into her practice the representation of policyholders in first and third-party insurance coverage, and business lawsuits involving contracts, property disputes, products liability and construction defect issues. She also has litigated numerous political and election law matters and has worked both professionally and as a volunteer on numerous political campaigns. Walsh is also an active member with the National Charity League.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Two Lawyers From Hunton’s Insurance Recovery Group, Andrea DeField and Latosha Ellis, Selected for American Bar Association’s 2022 “On The Rise” Award
August 15, 2022 —
Kevin V. Small - Hunton Insurance Recovery BlogPartner, Andrea DeField, and counsel, Latosha Ellis, were each recently awarded “On the Rise – Top 40 Young Lawyers” honors by the American Bar Association’s Young Lawyers Division. The award honors 40 of the nation’s most promising lawyers under the age of 40 or who have been licensed for 10 years or less. Recipients demonstrate high achievement, innovation, vision, leadership, and service to the profession and their communities, including extensive knowledge in litigation or transactional work and commitment to pro bono, charitable, or professional volunteer work, all while making a lasting impact in their respective fields. More information may be found
here.
Reprinted courtesy of
Kevin V. Small, Hunton Andrews Kurth
Mr. Small may be contacted at ksmall@HuntonAK.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
Substitute Materials — What Are Your Duties? What Are Your Risks? (Law Note)
June 27, 2022 —
Melissa Dewey Brumback - Construction Law in North CarolinaIn managing a project as the design professional, you are called upon to wear many hats. One of those hats is that of material specifier and, at times, substitute material approver. What are your duties in looking at substitute materials?
As always, the legal answer is “it depends”. In part, it will depend on your role on the project and what, specifically, the contract says. However, at its most basic, you can be sued for accepting an out of spec substitute material. This is so even if you believed the spec met requirements based on information that the contractor gave you. So, tread carefully in this area.
Do not assume any information that the contractor presents to you– take the time to research for yourself, call the manufacturer, and otherwise ensure that the product will work.
Read the court decisionRead the full story...Reprinted courtesy of
Melissa Dewey Brumback, Ragsdale LiggettMs. Brumback may be contacted at
mbrumback@rl-law.com
