What Law Firms Can Learn from the 2020 Court System Data Breach

One of the primary reasons why law firms should be on guard against the threat of a data breach—aside from ethical obligations to protect client data—is that no organization is immune to one.

Take, for example, the federal court system. You might assume that if any organization has ample resources to defeat potential data breaches, it would be an agency that’s part of the federal government. However, in 2020, there was a major data breach of the U.S. federal court system—one that the Justice Department was still investigating well into 2022.

What do we know about this data breach and how it affected the court system? More importantly, what can your law firm do to avoid data breaches if even the government can be susceptible to compromise?

The 2020 Federal Court Data Breach: What We Know

The government data breach of the U.S. court system has been widely reported since it was first announced. Here are some of the relevant details about the attack that have been shared in different news stories:

  • Though Matt Olsen, head of the Justice Department’s National Security Division, declined to comment on which actors were behind the attack, he “noted that his division was focused generally on the risk of cyber attacks by foreign nations like China, Russia, Iran and North Korea” (Source: Reuters).
  • A 2021 notice by the Administrative Office of the U.S. Courts indicates a possible connection to the SolarWinds hack from late 2020 (Source: CPO Magazine).
  • CPO Magazine also highlighted a statement that: “Three hostile foreign actors doesn’t mean they discovered three individual human hackers. It means three different, likely unrelated, foreign groups.”
  • Reuters also highlighted that the federal judiciary was “working to modernize its electronic case management and filing system and the related online portal known as PACER… citing the risk of cyber attacks on the aging electronic system.”
  • The Administrative Office of the U.S. Courts first stated that it was investigating “an apparent compromise” in January 2021 (Source: Bloomberg).
  • Bloomberg also reported that the Administrative Office “said the breach occurred as a result of vulnerabilities in its electronic case filing system that risked compromising sensitive sealed filings.”
  • On July 28, 2022, the U.S. Government Accountability Office (GAO) released a report titled: “U.S. Courts: Action Needed to Improve IT Management and Establish a Chief Information Officer.” This report detailed 18 separate actions to help improve information security in the court system.
  • The federal court system had “shortcomings in 11 of the 12 recommended leading workforce management practices” for IT (Source: CSO Online).

What Can We Learn from the Federal Data Breach?

So, what lessons can law firms draw from the information security breach of the federal court system? Here are a few, based on the details that have been reported thus far:

  • Unpatched Systems Can Pose a Serious Threat to Cybersecurity. Since the court system is now actively working to improve its case management system in response to this breach, it seems likely that there was an unpatched vulnerability in this system that led to the security breach. So, law firms that have old IT assets and systems on their network may also want to check if they have the latest security patches and firmware updates.
  • No Organization Is Immune to Data Compromise. Information security should never be taken for granted. So, law firms need to be ever-vigilant against potential threats and work to proactively mitigate data breach risks as much as possible.
  • IT Staffing Can Be Crucial for Data Security. One of the major recommendations from the U.S. GAO is that “The Director of the Administrative Office of the U.S. Courts should conduct a strategic analysis to fully determine the agency’s IT staffing needs.” Without adequate staff to manage and maintain IT resources, the risk of having security vulnerabilities may grow.
  • If One Malicious Actor Can Find a Vulnerability, Others Will Too. The CPO Magazine article implies that three separate and unrelated foreign actors leveraged the same vulnerability to repeatedly breach the court system’s security. This indicates just how easy it is for unrelated actors to independently identify existing vulnerabilities and use them to compromise your data security.

What Can You Do to Avoid Data Breaches?

If a government agency isn’t immune to data breaches, what can your law firm do to avoid one like the federal court system suffered? While there is no such thing as a perfect defense, taking some basic precautions can help to minimize risk:

1. Keep Your IT Assets Up to Date with the Latest Security Patches

Unpatched security vulnerabilities offer malicious actors an easily exploited way to breach your cybersecurity. In fact, ZDNet reported that: “IT security professionals admit that one in three breaches are the result of vulnerabilities that they should have already patched.” So, one way to prevent data breaches is to apply new security patches for your IT assets as they’re released.

However, keeping up with security patches is often easier said than done. This is especially true for organizations with robust IT infrastructures drawing on resources from a wide range of vendors. Individual vendors may also find and fix new security issues on a near-monthly basis—further complicating the process of keeping up with the latest patches.

Setting up a routine schedule for checking for security patches and ensuring that they’re applied to all software, operating systems, and devices used throughout the office can help your firm limit the length of time that vulnerabilities exist after security patches have been released. If available, it can also help to opt in to receive security patch release notifications from your IT vendors so your IT team can be made aware of new patches as they’re released.

2. Create a Map of All Your Firm’s IT Assets

When setting up your IT infrastructure or reviewing your IT management plan for enhanced cybersecurity, it’s necessary to have a complete map of all the software, hardware, and other assets on your network. This way, your cybersecurity plan can account for all of the items on your network.

Without a comprehensive map of your IT assets, it’s harder to verify that you’ve closed every security gap—leaving your firm at a higher risk of having unpatched vulnerabilities.
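The first two precautions work together: the asset map is what the patch schedule gets checked against. The following is an added example, not code from the article or from any vendor it names. It compares a constructed asset map with a constructed list of hosts seen on the network and flags unmapped devices and stale patch records; the hostnames, CSV columns, and 30-day window are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): the firm's asset map as CSV.
INVENTORY_CSV = """hostname,kind,vendor,last_patched
fileserver01,server,VendorA,2024-05-28
frontdesk-pc,workstation,VendorB,2024-02-10
conf-room-printer,printer,VendorC,
fw-edge,firewall,VendorD,2024-06-01
"""

# Constructed sample data: hostnames actually observed on the office network,
# for instance exported from a DHCP lease table.
OBSERVED_HOSTS = ["fileserver01", "frontdesk-pc", "fw-edge",
                  "conf-room-printer", "old-nas"]

def load_inventory(text):
    """Parse the asset map into {hostname: row}, normalising hostname case."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["hostname"].strip().lower(): row for row in reader}

def audit(inventory, observed, today, max_age_days=30):
    """Flag devices missing from the map and mapped assets with stale patch dates."""
    seen = {h.strip().lower() for h in observed}
    unmapped = sorted(seen - set(inventory))  # on the network, not on the map
    overdue, unknown = [], []
    for name, row in sorted(inventory.items()):
        stamp = (row.get("last_patched") or "").strip()
        if not stamp:
            unknown.append(name)  # no patch record is a gap, not a pass
            continue
        age = (today - date.fromisoformat(stamp)).days
        if age > max_age_days:  # assumed window: one monthly patch cycle
            overdue.append((name, age))
    return {"unmapped": unmapped, "overdue": overdue, "unknown": unknown}

if __name__ == "__main__":
    report = audit(load_inventory(INVENTORY_CSV), OBSERVED_HOSTS, date(2024, 6, 15))
    for finding, items in report.items():
        print(f"{finding}: {items}")
```

Run on the sample data, it reports one device that is on the network but missing from the map, one workstation past the patch window, and one printer with no patch record at all.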

3. Train Your Staff in Cybersecurity Topics

Everyone in your law firm, from the partner attorneys to the paralegals, secretaries, and front desk staff, should have a solid grasp of basic cybersecurity topics like phishing emails, ransomware, and safe web usage.

Another focus of cybersecurity training should be on what everyone should do in the event of a data breach. For example, who is responsible for reporting a data breach to the IT team (or your managed IT vendor) and coordinating remediation efforts with them? Who is responsible for making the report to the authorities about a legal data breach? Who should compose and send out the data breach notification emails to the firm’s clients?

Because time is a crucial factor for protecting clients from potential fraud made possible by a data breach, it’s important that your whole remediation process goes as quickly and smoothly as possible. Training legal staff in how to spot and report a potential breach can mean the difference between containing the threat early and becoming another data breach headline.

Frequent training and even testing staff on their IT security knowledge can also help prevent breaches in the first place. Staff who are wary of potential phishing tests and are up to date on cybersecurity knowledge are better equipped to spot and avoid phishing emails and other online scams at work.

4. Consult an IT Infrastructure Expert

Cybersecurity is a massively complicated topic that often requires extensive work to manage effectively. There are countless different cybersecurity tools that a modern business needs to maintain an acceptable minimum level of security (and numerous variations of each tool).

To ensure that your IT infrastructure meets or exceeds the minimum necessary requirements for cybersecurity, it’s important to consult with an experienced IT infrastructure or cybersecurity expert. A professional specializing in IT is more likely to have the wealth of knowledge about cybersecurity tools needed to help make your firm’s network more secure while preserving a positive user experience (UX) for all the members of your legal staff.

Some of the specific tools an IT or cybersecurity expert might help you set up include firewalls, antivirus/antimalware tools, multifactor authentication, and even a remote data backup or business continuity and disaster recovery solution (to counteract ransomware threats).

5. Periodically Check the Dark Web for Your Firm’s Information

The “Dark Web” is a hidden portion of the internet that isn’t accessible from normal web browsers. Cybercriminals frequently use sites on the Dark Web to sell stolen information. Checking to see if your firm’s information is being sold on the Dark Web can provide a clear warning of a data breach.

This is where services like a dark web scan can help. A dark web scan is a service that some managed service providers and cybersecurity firms offer that checks the Dark Web for your firm’s sensitive information. If found, you’re notified so that you can start to take the appropriate action to protect your firm from the effects of a data breach. Schedule a complimentary dark web scan with Converged Technology Group to protect your organization’s most valuable resource now!

Start Protecting Your Law Firm Now!

Are you ready to start protecting your firm from malicious actors on the internet? Get started today by contacting Converged Technology Group!
