Organizations that continue to be complacent about data security ignore the considerable risks posed by a breach: extended downtime, loss of billable hours, destruction or loss of sensitive data and work product, and the potentially catastrophic costs associated with repairing the damage — both to their technology infrastructure and to their reputation and brand.

Despite numerous reports of data breaches at law firms over the past decade, a warning from the FBI that hackers are specifically targeting international law firms, and increasing pressure from clients to address cybersecurity concerns, legal services providers, on the whole, have so far failed to respond adequately to the scope and urgency of the problem. The ABA’s 2018 Legal Technology Survey Report reveals that only about half (53%) of lawyers say their firms have a policy to manage the retention of information/data held by the firm, only 25% of respondents report having an incident response plan, and an astonishing 29% report having no security policies at all.

As a measure of basic cybersecurity preparedness by legal professionals, these numbers are alarming. Organizations that continue to be complacent about data security ignore the considerable risks posed by a breach: extended downtime, loss of billable hours, destruction or loss of sensitive data and work product, and the potentially catastrophic costs associated with repairing the damage — both to their technology infrastructure and to their reputation and brand.

Getting Serious About Cybersecurity

It is commonplace in security circles to say it’s not a matter of if your organization will experience a breach — it’s a matter of when. So how should law firms and legal departments prepare in a way that’s commensurate with the risk? First, they need to understand that an effective cybersecurity program can’t focus exclusively on preventing attacks or other forms of data loss; having a detailed incident response plan for the mitigation of breaches once they happen is equally, if not more, important. A purely defensive posture is almost certain to fail.

To read the full article, visit LawJournalNewsletters.com.

 

Keep reading on Law Journal Newsletters

 

Sundhar Rajan

Sundhar Rajan

Chief Information Officer

Sundhar Rajan is Casepoint’s Chief Information Officer where he is responsible for overseeing information technology strategy, global infrastructure, and security compliances for the company to ensure we meet our clients’ needs. He brings 19+ years of network engineering and infrastructure security experience. Prior to joining Casepoint, Sundhar was a senior network operations manager at a top Am Law 250 firm located in Washington D.C. where he led a team of 15 and enhanced network infrastructure security and applications deployment. Sundhar’s knowledge of information security, global infrastructure, and proactive compliance security monitoring aid him in leading our information technology.

Subscribe To Our Newsletter

Popular Posts