The Biggest Data Breach of 2017 and Why it Matters to Even the Smallest Law Firms
The Equifax data breach that occurred in July of 2017 is now infamous as one of the largest in cybersecurity history. The breach affected 143 million customers, and because of the nature of Equifax, included highly sensitive information, including social security numbers, full names, driver’s license numbers, and addresses. This may sound dramatic, but the implications are universal, and the problem is only worsening. Here’s what happened and why your business cannot afford to risk a data breach, no matter what you think you have online.
How Such a Big Brand Got Hacked
Equifax is a massive company that is known for handling sensitive information. So how did it get hacked? Put simply, hackers found a way in through a tool used to build components of Equifax’s website. Websites are only as strong as their weakest link, and that means that every vendor, from web layout designers to calendar plug-ins to payment processors, must be vetted to ensure that no doors are left open. Whether building, updating or re-evaluating a website, it is critical to know who is responsible for every piece of every page and what measures they take to ensure best practices for holistic security.
Liability is Everywhere
Negligent security practices are considered an ethical liability. Poor cybersecurity can lead to malpractice suits, even if a security breach does not occur. Of course, it can also lead to a breach, which may lead to the distribution of client information and result in an even worse legal situation. It is critically important that lawyers recognize the exposure that their own websites and IT departments face, as well as the potential risks that their clients face. Precedents are shifting with every case, and whether the fallout of a data breach is jail time, financial penalties, or a total loss of consumer confidence and brand reputation, web security breaches can ruin any business, whether it has one employee or one thousand. Small firms likely do not employ multiple Information Security professionals beyond their sole Information Technology person, while large business often has so many people working in IT that practices become siloed. This complicates the issue of liability and underscores the need for comprehensive cybersecurity initiatives, no matter the size of the firm or the perceived importance or vulnerability of the website.
Protect Yourself and Your Firm
If you do not know for sure whether your practice is currently secure, it is imperative that you audit your entire organization for potential vulnerabilities. Current laws implicate individuals for information security, and many individuals are unaware of their own liability, much less the best ways to protect themselves and the information for which they are responsible. After auditing your current IT landscape, moving towards total information encryption and comprehensive cybersecurity programs are the first steps in what should become a routine of encrypting data, storing it wisely, and vetting every vendor’s security practices, every time.