Are You the Last Lawyer Left Without a Data Breach Plan?
Attorneys often hold sensitive, private information on their clients; information which, if lost, can be extremely damaging to both clients and their lawyers. And hackers are increasingly targeting law firms, stealing proprietary information on their competitors, or using ransomware to hold important information hostage.
Thankfully, a new report shows that most lawyers are starting to take the risks of a data breaches seriously: 95 percent of surveyed firms had a data breach plan in place or were developing one.
Firms Are Taking Cybersecurity Seriously, Sort Of...
The survey, by ALM Legal Intelligence, looked at the cybersecurity practices of 69 law firm respondents -- the vast majority of whom (86 percent) were from large firms with more than $50 million in annual revenues, so they don't exactly paint the clearest picture of what's happening in smaller, solo, or boutique practices. But they do tell us that big firms are at least starting to take cybersecurity and data breaches seriously.
Having a data breach plan in place is becoming the norm. Currently, 73 percent of surveyed firms have a data breach plan in place, while 22 percent are in the process of creating one, according to the survey. There's little information on what those plans consist of, but experts often recommend steps such as:
- Bringing on cybersecurity experts to implement basic cybersecurity protections.
- Protecting client data by storing it on offsite, secured servers.
- Analyzing and inspecting traffic to detect malicious or questionable traffic.
- Encrypting all correspondence.
- Regularly testing of a firm's incident detection and response plan.
And while 95 percent is a great number, there are still plenty of failings in law firm cybersecurity. Half of firms do not have a data protection committee, a third have no cybersecurity insurance policies, and nearly one tenth of all firms surveyed had never performed a formal security assessment.
Not Convinced?
If you're one of the minority of lawyers who doesn't think cybersecurity matters to you, think again. Hackers are increasingly targeting firms in ways that can disrupt your practice and damage your reputation. In March, Bloomberg reported that most big law firms have been hacked and that "the frequency of attempts and attacks has been increasing substantially."
This June, the ABA Journal reported on a spate of "ransomware" attacks in which hackers used malicious software to infect firm computers, encrypt all the data present, and demand ransom for its restoration. Even firms who've paid the ransom may not get back everything that was compromised.
Such reports show that cyber-attacks are becoming almost inevitable. Don't let your firm be unprotected when they arrive.
Related Resources:
- Report: Half of Law Firms Do Not Have a Data Protection Committee (SC Magazine)
- Does Your Firm Need Cyber Insurance? (FindLaw's Strategist)
- Cybersecurity 101: Best Practices Your Firm Should Implement (FindLaw's Strategist)
- Boutique Firm Becomes First to Pass Legal Tech Assessment (FindLaw's Strategist)