Recent reports indicate that 193 law firms have suffered a data breach related to an unsecured database.
It is reported that the exposed database contained information related to the staff of legal firms and sensitive data relating to authentication on behalf of clients as well as usernames, IDs, hashed passwords, names of organisations, and details of platform administrators.
For some of the firms, potentially sensitive information like names, addresses, phone numbers, birth towns, passport numbers, NI numbers, eye colour, mother’s maiden names and father’s first names were compromised.
Information like company type, company name, contact name, contact number and company authentication code were also stored in the exposed database. Extensive details of transactions, payment terms and client agreements are believed to be a part of the database as well.
There are three really important questions for law firms:
Law firms commonly use multiple third party suppliers to deliver on their objectives. The suppliers can be ‘points for entry’ for information and cyber security incidents with resulting reputational, financial and legal damage. An organisation is only as secure as its weakest supplier.
Crowe can help law firms to avoid these vulnerabilities in three ways:
Step-by-step technical and management guidelines for specific incident types, including workflows, roles of key personnel and actions plans. Include pre-prepared statements for release to the press, and communications that would be sent to regulators and other interested parties.
(b) Undertake walkthrough exercises to test a response team’s understanding of a plan in different scenarios.
(c) Facilitate crisis simulation to rehearse the Scheme’s response to a scenario.
The uncertainty of the COVID-19 pandemic is forcing firms to focus on cashflow. Cash is king - are you maximising your cash in and managing your cash out?
COVID-19 related webinars