The legal industry is facing an uptick in cyber-attacks and database breaches. Lawyers and law firms are attractive targets to hackers, as they often own treasure troves of sensitive data, such as trade secrets, personally identifiable information (PII), legal evidence, and other privileged client data. The American Bar Association’s 2021 Legal Technology Survey Report indicates that 25% of the law firms surveyed had already experienced a breach. Unfortunately, gaining access to firm data has become even easier with the increased dependence on cloud-based tools, such as eDiscovery platforms.
What is eDiscovery software?
Discovery is a legal procedure in which legal professionals exchange information and evidence. In past years, parties exchanged hundreds of boxes of paper documents, which had to be manually reviewed and tagged. Nowadays, paper documents have been replaced with electronic files, making the discovery process more straightforward.
eDiscovery software – also known as document review software – facilitates the processing of electronic documents in order to find evidence that can be used in a lawsuit or investigation. Documents processed during eDiscovery may contain data from emails, texts, social media accounts, cell phone data, online documents, computer databases, website content, digital audio or video, GPS data, IoT device data, and other electronically stored information (ESI).
How Document Transfer Puts Law Firms at Risk of Cyber Attacks
With so many sources of documents, many lawyers and law firms choose to utilize a third-party eDiscovery platform to manage the eDiscovery process for convenience and cost savings. However, transferring data from one party to another, whether from a client to an eDiscovery vendor, or between two law firms, is one of the most vulnerable areas for cyber breaches, as it opens the door to malware attacks.
Malware – also known as malicious software – is designed to surreptitiously access or damage a network or database. Hackers embed malicious code into seemingly innocent files. When those files are opened, the malware automatically executes and allows the hackers to gain access to valuable data or cause damage to the law firm.
Many of these threats first enter the firm through email phishing schemes: underhanded attempts to fool employees and individuals into clicking on malicious links or attachments in emails or uploading malicious documents to website portals. These “hacks” often exploit vulnerabilities in legal networks, capitalizing on the collaborative nature of the litigation and discovery process to gain access to the law firm’s data.
Legal Document Breaches
Panama Papers: In 2016, Panamanian law firm Mossack Fonseca used a secure portal that hadn’t been updated since 2009 and was vulnerable to a wide assortment of attacks. A security breach in their client portal resulted in a leak of 11.5 million emails and documents, including what has become known as the Panama Papers. These documents detailed the financial information of over 200,000 off-shore accounts. Many high net worth and highly public individuals and businesses were implicated by these documents.
Epiq Global: In 2020, Epiq Global — an eDiscovery vendor with 80 offices worldwide — was hit by ransomware. A phishing scheme allowed hackers to gain access to the network, exfiltrate the data, and demand a ransom for its return. Since this eDiscovery vendor hosted client and third-party data, corporate legal departments and law firms worldwide were negatively impacted by this breach.
Not Accepting Documents is Not an Option
For law firms, electronic discovery is a critical part of the investigative process and essential for the success of each lawsuit. It helps uncover valuable evidence in the most time and cost-efficient manner. eDiscovery also fulfills the law firms’ responsibility for competent and diligent representation, especially in an age where courts are critical of inefficient and manual processes. Due to its importance, eDiscovery is here to stay, but the legal industry must take the necessary steps to safeguard its networks against file-borne threats. The risks of financial and reputational damage associated with a cyber breach are too significant to ignore.
Votiro Cloud CDR for Safe File Processing During eDiscovery
Content Disarm and Reconstruction (CDR) is a security technology that cleanses potentially malicious code from computer files. Also known as file sanitization, CDR does not rely on detection like other anti-malware tools. Instead, the technology assumes all files are malicious and scrutinizes all individual file components outside of the approved firewall. The technology removes any malware, strips any embedded code, and rebuilds the file in a way that disrupts any additional covert malicious code. The end result is a safe copy of the original file, with all functionality intact.
Votiro’s scalable, flexible Content Disarm and Reconstruction as a Service (CDRaaS) technology proactively cleanses all incoming files of hidden known and unknown malware without impacting file processing, fidelity, or the user experience. Votiro’s open API integrates into any existing security technology stack and is built to sanitize files at immense speed and scale. This functionality is critical for busy law firms that handle large file processing volumes, as any disruption to file throughput can impact productivity and, thereby, revenue generation.
Choose Votiro for a Superior CDR Solution and Comprehensive eDiscovery Platform Protection
Unlike other CDR solutions, the Votiro Cloud utilizes Positive Selection® technology. This technology gives law firms the only solution on the market that delivers fully functional content in only milliseconds.
Law firms that guard their networks using CDR from Votiro allow the smooth flow of communications and an efficient eDiscovery process. They also protect their network and databases from attacks through malware sent by attachment-based phishing schemes. For more information about how to keep your law firm safe from file-borne cyber-attacks with technology that integrates easily into your existing security infrastructure, check out Votiro’s latest whitepaper. If you’re ready to see the Votiro Cloud in action or have any questions, please contact us or schedule a demo.