Lawyeringforlawyers
This can be deemed an advertisement in some jurisdictions.
  • Home
  • About Steve
  • Law Firm Blog
  • Humor Blog
  • Contact

Security in Law Firms

2/4/2013

0 Comments

 
     It used to be the old guy downstairs at the front entry.  In light of the recent “More Duties” for us lawyers post, security involves a bunch more in the practice of law.  It is not just keeping people from wandering around on your office floors.  We have professional duties to secure both the physical files and premises and the electronic practice of law.

     I spoke of heightened needs to protect your smart phone, tablets or laptops from loss, due to fines and penalties for loss of privacy data of clients.  I am not talking unhappy clients but regulatory penalties.  Lawyers are easy targets for professional hackers, and I do not mean the goofy teenager down the street or the unhappy ex-employee.  Foreign hackers, some even legitimately alleged to be Chinese Army hackers, are known as advanced persistent threats and are after your client’s business data regularly.  Really, I am not overstating.  Organized crime, foreign government backed groups, or political hactivists choose the easy to get information on businesses and individuals through their lawyers, a much easier quarry.  Think: high value information well organized, but weak security and you would have the routine law office. As the Twitter joke goes:@ChineseArmy is now following you (everywhere).

     In 2011, the ABA Survey indicated 21% of large firms reported a security breach and 15% of all firms (including small firms) reported a breach.  The 2012 Corporate Compliance Group reported it at 60% had breaches for companies generally.  Let me grab your attention:  The Ponemon Institute cost of data breach survey found that the average time to resolve a cyber-attack is 18 days and the median cost was $5.9 million.

     Well that applies to the big boys and not us.  What if your client is doing business in some area that others could gain advantage?  How hard would it be for someone to get their contracts out of your firm?  A computer security expert from the Federal Bureau of Investigation pulled no punches at LegalTech New York recently.  Said Mary Galligan, FBI Special Agent in charge of cyber and special operations:  "We have hundreds of law firms that we see increasingly being targeted by hackers. The FBI puts great importance on this issue."  She added:  "The more mobility you have, the more documents you're sending through the internet, the more likely you are to be the victim of a cyber attack, and that's what we're seeing at law firms...  The cyber threat is too big for any of us to fight alone."


      It appears most professional liability policies are silent on covering such risks and damages.  If couched (much later) as a malpractice claim, then perhaps you will be covered, but most of us have big deductibles.  Other than business interruption coverage under a comprehensive general liability policy, it is not clear about coverage for such risks.  So, firms are entering the wild west of insurance coverage dealing with something called cyber coverage.  As a newer line, care needs to be used to make sure the exclusions do not swallow the coverage to get you to get the protection you need.

     So, I am promoting a healthy level of paranoia in your firm.  We need to be able to practice law using the technology clients now expect.  Today that is wherever you are.  We in the loss prevention side of the practice recommend a good balance of seamless knowledge access, with the very real risks of internal information loss risk being considered.

      Encrypt firm stored data on your laptops and thumb drives.  Employ mobile device management on phones and devices that are not, or cannot be, encrypted.  Use the existing tested methods of strong passwords, firewalls, updated security patches and protection of high value data limited to those who need to know.  One practical way is to limit access to documents by practice area.  Intrusion detection and oversight by trained IT professionals with security expertise is good money spent.  Be careful out there.

0 Comments

    Author

    Steve Crislip was the General Counsel and Loss Prevention Member to a 11 office and 7 jurisdiction law firm for 10 years and has been defending lawyers and firms for more than 25 years and litigating for 40 years.
    These articles reflect lessons learned for Law Firms.

    Archives

    October 2017
    September 2017
    August 2017
    April 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012

    Categories

    All
    Ames & Gough
    Checklists
    Computers And Lawyers
    Confidentialty And Lawyers
    Guidelines
    Law Firms
    Law Office Practice
    Law Office Practice
    Lawyers On Boards
    Legal Claims
    Legal Claims
    Legal Malpractice
    Legal Malpractice
    Loss Prevention
    Loss Prevention
    Loss Prevention In Law Firms
    Professional Liability
    Professional Liabilty

    RSS Feed

Powered by Create your own unique website with customizable templates.