Despite numerous reports of data breaches at law firms over the past decade, a warning from the FBI that hackers are specifically targeting international law firms, and increasing pressure from clients to address cybersecurity concerns, legal services providers, on the whole, have so far failed to respond adequately to the scope and urgency of the problem. The ABA’s 2018 Legal Technology Survey Report reveals that only about half (53%) of lawyers say their firms have a policy to manage the retention of information/data held by the firm, only 25% of respondents report having an incident response plan, and an astonishing 29% report having no security policies at all.
As a measure of basic cybersecurity preparedness by legal professionals, these numbers are alarming. Organizations that continue to be complacent about data security ignore the considerable risks posed by a breach: extended downtime, loss of billable hours, destruction or loss of sensitive data and work product, and the potentially catastrophic costs associated with repairing the damage — both to their technology infrastructure and to their reputation and brand.
Getting Serious About Cybersecurity
It is commonplace in security circles to say it’s not a matter of if your organization will experience a breach — it’s a matter of when. So how should law firms and legal departments prepare in a way that’s commensurate with the risk? First, they need to understand that an effective cybersecurity program can’t focus exclusively on preventing attacks or other forms of data loss; having a detailed incident response plan for the mitigation of breaches once they happen is equally, if not more, important. A purely defensive posture is almost certain to fail.
To read the full article, visit LawJournalNewsletters.com.
As the Chief Information Officer for Casepoint, I oversee and am responsible for global infrastructure, information security, our cloud infrastructure, maintaining security compliance, and managing a global information services team. Prior to joining Casepoint, I spent more than 9 years at the Am Law 100 firm Crowell and Moring LLP, where I was the Manager of Network Operations. I bring over 18 years of experience working in information security, leading infrastructure and security teams, and building highly scalable/secure application infrastructure. You can connect with me on LinkedIn.