by Tom Cross
Nov 08, 2017
Lawyers always have been responsible for protecting their clients’ information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Some people think that law firms aren’t interesting targets for computer criminals. They don’t typically have terabytes of credit cards and bank accounts on file. But they do retain powerful clients, from wealthy individuals to big companies, and they often have privileged information about those clients, including details of business dealings and inside information about their negotiating positions and future plans.
Of course, law firms have always had an ethical responsibility to protect the confidentiality of their clients. This was a bit easier to do when everything was on paper; the only risk was if the attorney left a sensitive memo in a bar or if the firm didn’t have tight physical security to prevent a thief from gaining entry to the office — think Watergate. Clearly, things have changed, but as in many other sectors, the adoption of new technology by law firms has outpaced the adoption of the security best practices needed to live with that technology safely.
There are now several prominent examples of how things can go wrong. Earlier this year, global law firm DLA Piper was hit by a strain of ransomware that forced management to shut down its offices for several days while IT dealt with the problem. In 2016, a breach referred to as the Panama Papers entailed a massive document disclosure of 2.6 terabytes of data from Panama-based law firm Mossack Fonseca. German newspaper Süddeutsche Zeitung got hold of the documents, resulting in coverage of celebrities’ and politicians’ financial transactions and other personal details.
If events like these have a silver lining, it is the possibility that other firms might learn from them in hopes of avoiding the same fate. Here are four best practices law firms should consider as they seek to make information security a higher priority: