Cybersecurity In the Legal Space: Is Your Organization Prepared?

By Sundhar Rajan
September 01, 2019

Despite numerous reports of data breaches at law firms over the past decade, a warning from the FBI that hackers are specifically targeting international law firms, and increasing pressure from clients to address cybersecurity concerns, legal services providers on the whole have so far failed to respond adequately to the scope and urgency of the problem. The ABA's 2018 Legal Technology Survey Report reveals that only about half (53%) of lawyers say their firms have a policy to manage the retention of information/data held by the firm, only 25% of respondents report having an incident response plan, and an astonishing 29% report having no security policies at all.

As a measure of basic cybersecurity preparedness by legal professionals, these numbers are alarming. Organizations that continue to be complacent about data security ignore the considerable risks posed by a breach: extended downtime, loss of billable hours, destruction or loss of sensitive data and work product, and the potentially catastrophic costs associated with repairing the damage — both to their technology infrastructure and to their reputation and brand.

Getting Serious About Cybersecurity

It is commonplace in security circles to say it's not a matter of if your organization will experience a breach — it's a matter of when. So how should law firms and legal departments prepare in a way that's commensurate with the risk? First, they need to understand that an effective cybersecurity program can't focus exclusively on preventing attacks or other forms of data loss; having a detailed incident response plan for the mitigation of breaches once they happen is equally, if not more, important. A purely defensive posture is almost certain to fail.

Developing an incident response plan forces organizations to establish policies documenting security-related roles and responsibilities, and identify tools required for the quickest possible response to a triggering event. Plans need to specify what kinds of events trigger a response and the initial steps the organization will take when that happens, such as isolating workstations and servers and making forensic copies of the affected data. Plans also need to spell out exactly how the organization will handle internal and external communications, documentation and reporting. The National Institute of Standards and Technology (NIST) has developed a Computer Security Incident Handling Guide that serves as a good starting point for legal organizations serious about preparing for the inevitable.

Understand How Most Breaches Happen

Hackers are aware that law firms are soft targets. Because law firms are focused on the business of law, they may not have top-notch security technology in place and their employees typically lack awareness of specific risk scenarios. Firms also handle data that can be extremely valuable to bad actors seeking, for example, to pursue insider trading schemes or gain access to intellectual property.
