Will Big Breaches Create More Trickle Down Impact for Law Firms?

Posted on 02-11-2015 by
Tags: cyber security, Trending News & Topics, Data Breach

A post by LawFirmRisk analyzes the Morgan Stanley breach involving financial adviser Galen Marsh.

Citing an article by the Wall Street Journal, it shared the following details:

  • "... [A] financial adviser named Galen Marsh started to sift through the account records of some 350,000 of the firm’s clients. Virtually none of them were his own. In what some security experts are saying is likely the biggest data theft at a wealth-management firm..."
  • "By December, some of that account information appeared on a text-sharing website, with the offer to trade it for an obscure virtual currency."
  • "Twelve days later, a different item provided a sample of the information that was available, giving details from 1,200 accounts that Morgan Stanley said were tied to 900 clients."
  • "Already, the episode is having ramifications within Morgan Stanley: On Tuesday, people familiar with the matter said the firm has tightened access to its client database so that individual advisers no longer have access to such wide swaths of account data."
  • "It isn’t uncommon in the wealth-management industry for advisers to squirrel away information about clients before leaving for another firm, since a stable of wealthy clients is the lifeblood of any successful advisory practice."

Given the situation, two things come to mind:

The first thing is that in 2011, when Bank of America feared it was about to see internal information shared via Wikileaks, it, as well as others, went on an OCG and law firm audit push that sent ripples throughout the legal industry.

Will we see even greater focus on the firms that hold and manage this sensitive data?

Morgan Stanley has already hired an outside consulting firm to “increase its capacity to take calls from clients concerned about the breach and provide credit and identity-theft protective services.”

Will it feel the need to similarly demonstrate its commitment to security by announcing additional 'belt tightening' that will trickle down to its outside counsel and other vendors?

The second thought is that this highlights the actual impact of free internal access to sensitive information.

Trends show a growing shift in the legal industry toward a "members only" internal security model, which allows only individuals who are members of a particular matter team to access sensitive client data. In another model, the "hybrid" model, matters in specific practice groups or geographies default to closed access, while others remain open. This conservative trend is further supported by an ILTA technology survey, which showed the number of firms moving to a "pessimistic" security model had increased by 50% over the past year.


