It’s happened again. This time it’s Chicago-based global law firm Seyfarth Shaw that has been subjected to a cyberattack.
According to the firm unauthorised activity was detected by its monitoring systems on Saturday. As the UK’s leading supplier of media training and crisis communications training for law firms, we’re always saddened to hear of these attacks. But we’re also keen to explore how well a law firm handles the crisis communications element.
In our crisis communications courses for law firms, we emphasise the importance of acting quickly. Whether it’s an attack like this, an allegation of malpractice, a fire in the firm’s offices, or an accusation of sexual impropriety, taking the initiative and moving quickly is essential. We used to talk in crisis communications consultancy about “the golden hour.”
This was the 60 minutes or so immediately after a crisis that an organisation working in any sector had to take control of the issues, release a statement, and be ready to answer enquiries from journalists and other interested parties.
Fumble this vital initial stage and you’ll spend the rest of the crisis news cycle on the back foot, reacting to events, denying accusations, and issuing defensive statements and clarifications. Today, with the advent of online media, both social and conventional, that “golden hour” is more like a few minutes.
During our crisis communications workshops, we work with the Comms teams of law firms ranging from magic circle names to smaller organisations to create a relevant, believable crisis scenario. A cyberattack or ransomware demand is very common, as you can imagine.
We then work with the in-house team to audit their crisis communications procedures and to develop answers and lines to take in response to journalists’ questions. We then carry out authentic role-play press, radio and TV interviews with spokespeople, senior partners, and others within the firm to give them the practical skills that they’ll need to handle these crises.
Seyfarth has done well to respond quickly. The fact that the attack was identified on a Saturday isn’t surprising.
This is often a time when hackers believe that firms will be vulnerable because they won’t notice any breach and, even if they do, it will take a while for them to react. Lesson one of a good crisis communications plan for a law firm – make sure that you have out of hours cover to manage these events internally and communicate externally.
“On Saturday, October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack that appears to be ransomware,” the firm said in its statement. “We understand that a number of other entities were simultaneously hit with this same attack. Our monitoring systems detected the unauthorized activity, and our IT team acted quickly to prevent its spread and protect our systems.”
This is a good statement – simple and factual. It recognises the significance of the incident without exaggerating it (that, unfortunately, is often what journalists see as their role.) We also stress the importance in a statement during any kind of crisis communication of taking action – you need to be seen to be doing something. Seyfarth goes on to talk about the action it is taking in relation to its systems, in this case, the decision to
“shut them down as a precautionary measure.”
The firm adds that it has found no evidence that any client or internal data has been removed or accessed. It later announced that it is working with the FBI to identify those responsible. Cooperating with the emergency services or any other official body is a good example of action during a crisis. It makes it clear that you take the situation seriously and it’s reassuring to the audience.
They might unsure about your capabilities but they can be pretty confident that the FBI or, for that matter, the police, the fire brigade, or an independent regulator knows what they’re doing. Bringing in these independent experts also demonstrates transparency – another essential element of a crisis communications strategy.
What else does Seyfarth say and what else should any law firm in a crisis situation talk about?
“We have found no evidence that any of our client or firm data was accessed or removed,”
repeated the firm, adding:
“Our clients remain our top priority, and we will continue to do everything necessary to protect their confidential information and continue to serve them.”
Top marks again for reassurance. This is important because the media will try to
the story, as we say in the business, making it sound as serious and worrying as they can.
The challenge for the law’s Comms team is to de-escalate the situation without sounding dismissive.
“We only lost a few files,”
might be honest but it’s not good to hear if you’re a client, concerned that your confidential information might be among what’s gone missing.
But perhaps they could have added some sympathy or concern. This is, after all, a worrying situation for clients – some recognition of this fact would be good. Seyfarth includes a line about many other law firms suffering similar attacks but the firm could develop this a bit. Broadening out a difficult issue to include others, and putting it into context can help to take the pressure and the negative spotlight away from you alone.
The reference to clients remaining the firm’s top priority speaks directly to a key audience in this situation, perhaps the key audience, although potential clients will also be interested. A Google search in the next few months by anyone considering giving their business to Seyfarth will also reveal this incident. Therefore, how well it – or any law firm in a similar predicament – copes, has a long-lasting effect.
As we say in our crisis communications courses for law firms, the stakes are high. Handle a serious incident badly and you’ll damage your reputation and your bottom line for years to come. However, manage it well and it can actually enhance your brand image and lead to new business.
Chat to Communicate Media
Our media training courses are realistic, bespoke to your needs, quick to turn around, and cost-effective.