Since 2011, the U.S. Government has recognized the tremendous gap in data protection facing the country’s top businesses in nearly every field, and the legal industry is no exception. Law firms, even mid-size and boutique firms, present an appealing target for cyber criminals seeking valuable corporate or personal information. But an even larger threat comes from within the law firm itself.
All too often, law firms have no mechanisms in place to protect access to confidential and proprietary information. Everyone in the firm, from the most senior partner to the lowliest administrative assistant, can access any client data. Worse still, law firms may not be aware of a data breach until years after it occurs, if at all. For example, an associate could have been uploading files to a personal cloud account for years, but without the correct data protection measures in place, the firm would be none the wiser.
The Model Rules of Professional Conduct Rule 1.6(c) requires that lawyers “…make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” The line between reasonable and unreasonable efforts is hard to draw, but making no effort at all is clearly a violation of this rule. Beyond that, there is a multitude of steps that the prudent attorney can take to protect client information.
At a minimum, controlling access to data, requiring strong passwords, and encrypting the most highly classified information should be the floor. Firms should also consider data loss prevention solutions, which allow them to control data egress. A brief evaluation period could expose the senior partners at a firm to a frightening array of insider threats. Even then, protection from insider threats is only one facet of effective data protection for law firms; solutions for protecting against advanced cyber threats – such as spearphishing attacks that employ sophisticated malware – should also be considered by firms that want to show that they’re taking client data security seriously.
As the old adage goes, an ounce of prevention is worth a pound of cure. The only thing more valuable to a client than its funds is its confidential information, and in many cases the same can be said for cyber criminals targeting those clients. Once lost, confidential and proprietary information is not recoupable. Just as attorneys have IOLTA accounts to protect client funds, they should be considering the protection of client data.