Unleashing the power of technology also means the threat of cyber attack looms just around the corner. As the well-publicized Sony Studios hack played out in 2014, the release of privileged data caused incalculable harm to the organization.

While the perpetrators in the Sony case were sophisticated, nation-state actors, law firms must be prepared for threats of all shapes and sizes, which was the overarching message from today’s ILTACON session “Preparing a Cybercrime Incident Response Plan.”

As the panelists noted, in recent years law enforcement have been the target of foreign ransomware attacks – a scheme where hackers take control of computer systems and/or data and hold it for ransom. Even when perpetrators are only looking for a minimal amount of money to get the data back – perhaps even $500 – they become emboldened when ransoms are paid and go after other organizations. Spread that out among thousands of organizations, and these attacks can become a profitable enterprise; and law firms are becoming a new target.

According to Don Ulsch, senior managing director of Advisory Forensic Services with PricewaterhouseCoopers LLP, managing a ransomware attack comes down to a simple question: do you have sufficient back-ups that you could endure the loss of data? As he noted, loss intellectual property and trade secrets is one thing, but the reputation of your organization is more valuable.

As the panel noted, if a firm is fortunate enough to contain a breach, a twofold question emerges – when do you need to let a client and/or law enforcement know? According to the panel, if data is encrypted, it may not be necessary… but only to a point.

“The common thread is this is not an either-or proposition, I have found the FBI to be most useful when you have a certain threat… and they can discern trends that might catch the perpetrators,” Craig Newman, partner with Patterson Belknap Webb & Tyler, noted. Marcus Christian, partner with Mayer Brown LLP, agreed that having an ongoing relationship with federal authorities is best so they can help assess how serious a threat is, and perhaps, work to bring bad actors to justice later on.

Newman added that having an established relationship with law enforcement simply means that they will likely respond quicker when an issue arises. And as Ulsch noted, it’s best to have these relationships with law enforcement before a breach occurs.

“When law firms suffer data breach… the key is to make sure you protect attorney-client privilege,” Newman added, and in his experience, the FBI and other federal law enforcement agencies typically respect the importance of that privilege. “Many people in the FBI are lawyers by training.”

The problem, Newman conceded, is that organizations still see cybercrime as an “IT problem” and not a business issue. As a result, many business leaders, particularly board members, are still hesitant to share information relating to hacking and data breach incidents. Newman admitted that in the long view, the threat of cybercrime is still in its “early days.”

“Creating a secure culture is what’s needed,” Ulsch added. In many cases, public and private organizations have forged partnerships to confront data security, and as the panelists described, most states have adopted ethical rules that follow ABA Model Rules on data sharing and confidentiality. These standards can become a roadmap for an organization’s data security plan.