The TRUTH about Law Firm Security of Their Clients' Data
Data breaches continue to ravage law firms and their clients. You know this, and so do Anthem and HBO, which recently fell victim to having their data exposed to hackers. This has increased pressure on ALL law firms to get control of their clients’ sensitive data, or else they may lose their business and possibly be exposed to violations of ABA Rules 1.1 and 1.6. Furthermore, the REPUTATIONAL damage could be just as damning even if the law firm itself wasn't targeted. Such is the recent case of DLA Piper and the Petya / NotPetya attack, because of the exposure after the incident. Not all news is good news, as DLA Piper is currently finding out.
So what can lawyers do to help the situation? The TRUTH? Most law firms should have been asking this question FIVE YEARS AGO. Those that did avoided being early victims...those that didn't, well, we are seeing the ripple effects.
Law firms are historically easier targets for hackers because they are a treasure trove of information whose security wasn’t scrutinized by their clients. WHY? Because of a false sense of trust due to the attorney-client privilege. Almost as if the client or corporation is saying, “Hey, if I’m trusting you to keep this information secret, I’m confident you are doing everything you can to keep this extremely secure.”
SO...what can those late to the game do to help? It starts with Executive Buy-In. If you don’t have a decision-maker or a committee fully prepared to execute the necessary steps and protocols to help shore up loose ends, the firm is doomed to fail. Having a serious attitude and commitment about data security from the Top Brass makes mandatory end-user training more successful. More importantly, it allows for proper budgeting to address security needs and breach procedures, and to continue evolving as new threats arise.
Secondly, and almost as important as getting the big guns to buy in, is KNOWING WHERE the data is. This ESPECIALLY HOLDS TRUE REGARDING YOUR FIRM’S eDiscovery NEEDS. How can you protect what you don’t know is out there? The creation of data maps is crucial and creates a chain reaction of asking your firm’s vendors about their own security. Data breaches aren’t an IT problem; they are the result of not doing due diligence on everyone handling the clients’ data. Just trusting that their security is up to snuff is often a fatal mistake and could cost your firm millions in business when that client chooses to move to a firm that takes security more seriously.
Just ask Anthem, HBO, and DLA Piper.
Finally, utilizing a third-party Risk Assessment Service to collect all of the vendors’ security info for review is well worth the investment. Oftentimes, even the smartest and most experienced Security Advisors may overlook or not know which questions to ask and what info to collect from vendors. Having a fresh pair of eyes that keeps tabs on the market as a resource can only help.
Page One Legal focuses on 2 major priorities: Security and Availability. We will always let you know where your data is and how we are securing it. If you would like to discuss an eDiscovery matter you may be concerned about, please feel free to reach out.