The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Daniele – Newmeyer & Dillion
Cybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.¹ The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms are nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians – and the infamous Petya Malware attack, which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.6² and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard" information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and avoid inadvertently violating its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of the firm's cybersecurity program and policies;
- Purchase cyber liability insurance, which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also provides liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Are Modern Buildings Silently Killing Us?
May 16, 2022 —
Michael Rubino - Construction Executive
Construction, in general, is a rapidly evolving industry as contractors, architects, and engineers are tasked with keeping up with government regulations, building practices and technological innovations. While growth and evolution are pivotal components of successful projects and businesses, it’s led to a few issues, one of which involves mold.
Like the construction industry, the world of mold is evolving as more research, understanding, and awareness develops, highlighting its prevalence in buildings and the effect it can have on the health of those exposed. What industry professionals are witnessing time and again is an increasing occurrence of individuals reaching out and asking for help after experiencing exposure that led to chronic illness. The reality is that modern buildings are contributing to this rise.
The Top of the Funnel
An issue aiding in mold’s prevalence in modern-day buildings is the way in which they are built. In an effort to achieve net-zero energy-efficient buildings, construction professionals have adopted the technique of sealing buildings as tightly as possible. While this transition reduces energy costs in the building, it also introduces a few new problems that aren't always addressed in modern construction. One such issue is how the lack of airflow between the indoor and outdoor environments can lead to a buildup of contaminant particles in the building.
Reprinted courtesy of
Michael Rubino, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Undocumented Debris at Mississippi Port Sparks Legal Battle
July 26, 2017 —
Jim Parsons - Engineering News-Record
Undocumented underground debris fields at a Gulf of Mexico port project are at the heart of a contractor’s nearly $50-million federal lawsuit against the Mississippi Development Authority and eight engineering and construction consultants.
Reprinted courtesy of
Jim Parsons, ENR
ENR may be contacted at ENR.com@bnpmedia.com
Congress Relaxes Several PPP Loan Requirements
June 15, 2020 —
Greg Tross & Michael Krueger – Newmeyer Dillion
On June 3, 2020, Congress passed the Paycheck Protection Program Flexibility Act ("Act") which does exactly what it means to do: provide flexibility for PPP loan recipients. President Trump is expected to sign the bill into law within the week.
The Act extends the "covered period" for Paycheck Protection Program ("PPP") loans from the original eight weeks to 24 weeks or December 31, 2020, whichever is earlier. This extension provides much needed reprieve to small businesses who can utilize these funds to weather the economic effects of the Coronavirus Pandemic through 2020.
The Act also revises the limitations on how small businesses utilize their PPP loans. While the CARES Act originally required 75% of the PPP loan to be used for payroll costs, this number has now been reduced to 60%. This means that up to 40% of the PPP loan can be used to cover mortgage obligations, rent, and other covered utility payments.
The PPP loan payment deferral period has also been extended to align with the date on which the PPP loan's forgiveness amount is remitted to the lender. This should provide more certainty to small businesses on their payback obligations, if any.
Recently, the Small Business Administration also released loan forgiveness applications to assist a business in calculating their loan forgiveness. While the SBA will likely revise it with the Act's passing, small businesses should look at the application's framework to prepare for submitting their loan forgiveness requests in the future.
Newmeyer Dillion continues to follow COVID-19 and its impact on your business and our communities. Feel free to reach out to us at NDcovid19response@ndlf.com or visit us at www.newmeyerdillion.com/covid-19-multidisciplinary-task-force/.
Reprinted courtesy of
Greg Tross, Newmeyer Dillion and
Michael Krueger, Newmeyer Dillion
Mr. Tross may be contacted at greg.tross@ndlf.com
Mr. Krueger may be contacted at michael.krueger@ndlf.com
Is Construction Defect Litigation a Cause for Lack of Condos in Minneapolis?
September 17, 2015 —
Beverley BevenFlorez - CDJ STAFF
According to Peter Callaghan writing for the Minn Post, while multi-family residential real estate is “hot” right now, most developers are building apartments rather than condos. Four developers spoke on the topic during Minneapolis City Council Member Lisa Goodman’s monthly “Lunch with Lisa” program. The developers stated that financing is more difficult for condos than it is for apartments, and millennials and baby boomers seem to prefer renting over buying. However, some developers stated that “the 10-year liability exposure for construction defects” was another reason to avoid condo building.
However, not all developers avoid condo building in Minneapolis. Jim Stanton, owner of Shamrock Development, said that he still is building condos. Stanton declared that he “has a good relationship with his lender,” and “he hasn’t been sued a lot and has never had a suit reach court.”
From ‘Cuckoo’s Egg’ to Today’s Cyber Threat Landscape
September 02, 2024 —
Aarni Heiskanen - AEC Business
In 1990, I read an exciting book titled The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. The author, astronomer Clifford Stoll, managed computers at Lawrence Berkeley National Laboratory (LBNL) in California. He was tasked with resolving an accounting error of 75 cents in the computer usage accounts.
The tedious process eventually led him to disclose a German hacker who had gained access to U.S. military secrets through LBNL’s computers. He had been selling information to the KGB for years.
Today’s threat landscape in construction
The LBNL incident was one of the first—if not the first—documented cases of a computer break-in. Fast-forward to today and cyber-attacks are an everyday phenomenon that occurs more often in construction.
Reprinted courtesy of
Aarni Heiskanen, AEC Business
Mr. Heiskanen may be contacted at aec-business@aepartners.fi
Why Federal and State Agencies are Considering Converting from a “Gallons Consumed” to a “Road Usage” Tax – And What are the Risks to the Consumer?
August 26, 2015 —
Roger Hughes – California Construction Law Blog
“‘We’re going to have to find another way to finance the upkeep of the roads,’ Gov. Jerry Brown said earlier this year in rolling out his 2015 budget. Governor Brown gave no specifics, but last fall he signed a law that set up a commission to study a ‘road usage charge’ with a call to ‘establish a pilot program by Jan. 1, 2017…'” – San Jose Mercury News, January 27, 2015
This Change, It’s a Coming (Maybe)
Many states and the federal government are seriously considering converting from a “gallons consumed” tax levy to a “miles driven” program for determining gasoline tax. There are several compelling reasons for such a change. First, our roads are falling apart while revenue from current highway taxes falls woefully short of our current and projected needs. In the meantime, the number of miles driven is increasing rapidly for all-electric cars that pay no gas tax, for hybrids that pay substantially reduced tax, and, worse for the taxing authorities, for increasingly efficient gas-powered cars. All of this means rapidly dropping gas tax revenues. Seeing this trend, local, state and the federal governments are making a major push to convert from a consumption based tax to a “miles driven” tax. This is a good thing for those of us that believe increased investment in our transportation infrastructure is of high national concern.
Reprinted courtesy of
Roger Hughes, Wendel Rosen Black & Dean LLP
Mr. Hughes may be contacted at rhughes@wendel.com
Spreading Cracks On FIU Bridge Failed to Alarm Project Team
May 20, 2019 —
Scott Judy & Richard Korman - Engineering News-Record
On the morning of last year’s Florida International University pedestrian bridge collapse, when the engineer of record assured project team members that there were no safety risks related to cracks propagating across a part of the unusual single-truss structure, other project team members voiced mild concern, but no alarm. In hindsight, considering that the bridge had no inherent structural redundancy as it sat, incomplete, straddling a busy highway—and would suffer a sudden, catastrophic and deadly collapse just hours later—the team’s lack of urgency remains puzzling, say engineering experts contacted by ENR for comment.
Reprinted courtesy of
Scott Judy, ENR and
Richard Korman, ENR
Mr. Judy may be contacted at judys@enr.com
Mr. Korman may be contacted at kormanr@enr.com