Are Your Patent Files Safe from Hackers?
Nearly every week, hack attacks are in the news. Data thieves have gone after banks, health insurance providers, retailers, and even a movie studio, taking personal information, emails, and hundreds of millions of other items of data. The information has been used to commit identity theft, steal money, and publicly humiliate the victims.
Will law firms be the next targets in the headlines?
As reported by the New York Times, a recent report by Citigroup is critical of US law firms for failing to disclose data breaches. Because of the secrecy surrounding cyber intrusions into law firms, it’s impossible to determine how prevalent these attacks are and whether they are on the rise.
But there’s no question that law firms are under attack.
Maintaining Client Confidentiality
Law firms, of course, have a duty to maintain the confidentiality of client records.
ABA Model Rule 1.6 provides:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
It’s clear that those “reasonable efforts” include appropriate cyber-security efforts.
The first state bar ethics opinion on this issue appears to be State Bar of Arizona Opinion No. 05-04, from July, 2005, which states:
An attorney or law firm is obligated to take reasonable and competent steps to assure that the client’s electronic information is not lost or destroyed. In order to do that, an attorney must either have the competence to evaluate the nature of the potential threat to the client’s electronic files and to evaluate and deploy appropriate computer hardware and software to accomplish that end, or if the attorney lacks or cannot reasonably obtain that competence, to retain an expert consultant who does have such competence.
Other state bar associations have since issued similar opinions, and common law also imposes duties to protect client information.
A breach of that duty of confidentiality can lead to claims for legal malpractice – and worse.
According to an article in The Computer & Internet Lawyer:
The impact on a law firm that gains a reputation as being unable to protect confidential data, particularly client data, could be devastating to its image, its ability to retain and attract clients, and its standing in the legal community.
Patents under Attack
According to BloombergBusiness, hackers based in China trying to derail a $40 billion acquisition targeted seven Canadian law firms. The FBI subsequently warned the top 200 law firms in New York City that “hackers see attorneys as a back door to the valuable data of their corporate clients.”
One security expert estimates that at least 80 major US law firms were hacked in 2011, according to Bloomberg.
According to the Times, the Citigroup report:
...said law firms were at “high risk for cyberintrusions” and would “continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications.
In theory, now that the US has switched from a “first to invent” to a “first to file” system, information in a draft patent application stolen from a law firm’s computer network could be used to beat the actual inventor to the Patent Office.
How a Unified IP Platform Can Reduce the Risk of Data Breaches
Law firms are known for being far from the cutting edge when it comes to technology, and that’s especially true with respect to data security.
The ABA’s Law Practice reported that Matt Kesner, the CIO of Fenwick and West LLP, noted that China “doesn’t waste its ‘A’ [hacker] squads on law firms because their security is so dreadful. The rookies on the ‘C’ squads are good enough to penetrate most law firms.”
As we say in our white paper on Making the Case for a Unified IP Platform:
Every additional file server, scanner, printer, email user, application and desktop presents a new attack vector for cyber criminals to exploit for the purpose of stealing the clients most valued assets.
IP firms are entrusted with protecting a large percentage of their clients’ value and yet a recent survey conducted by Marsh USA, reports that almost 80 percent of respondents consider cyber/privacy security to be one of their firm’s top 10 risks; 72 percent said their firm has not assessed and scaled the cost of a data breach based on the information it retains.
Anaqua’s unified IP platform enhances information security for law firms by shrinking the attack “surface area.” By reducing process steps, printers, unmanaged emails and attachments, data stores, and file servers, Anaqua’s platform helps firms reduce the risk of criminal intrusions.
Additionally, if the unified IP platform is hosted in the cloud, the firm gains the additional benefit of having the entire platform managed in a secure, audited, and compliant data center.
The Anaqua IP platform lets firms:
- Scan documents automatically and securely deliver them to the right destination
- Eliminate sources of data leakage such as network drives and rogue SharePoint sites
- Eliminate home-grown apps that may have security vulnerabilities
- Simplify logging and monitoring