ABA Techshow 2013
Firms are at risk of security breaches inside and out
Posted Jun 1, 2013 1:00 AM CST
By Rachel M. Zahorsky
Most major U.S. law firms have been victims of security breaches, and the unwelcome threats likely operated covertly for up to nine months before they were discovered. For many, the first whiff of insidious action comes from a knock on the firm’s door by the FBI.
In 2011, the U.S. government labeled New York City’s 200 largest law firms “the soft underbelly” of hundreds of corporate clients, two experts warned at a Techshow session on data security. Even midsize, boutique and solo firms are at risk, warned presenters Sharon Nelson, president of information and digital technology firm Sensei Enterprises, and Ben Schorr, CEO of IT consulting firm Roland, Schorr & Tower. And untrained lawyers and office personnel are often the No. 1 chink in a law firm’s defense, the duo said.
“The biggest threat to law firms’ data are its own users, who aren’t trying to do damage,” said Schorr, who shared an anecdote of a firm that unwittingly allowed its receptionist access to read, edit and delete client documents. At another, an associate with Internet connection issues in his office used his own unprotected Wi-Fi router to work on client matters, rendering the firm’s security measures useless.
Updated ethics rules require lawyers to make reasonable efforts to ensure client data is secure. The new rules also require lawyers to be competent with technology or to hire someone who is. Judges will no longer buy arguments that tech and its threats are evolving too quickly for firms to keep up, Nelson said.
Some of the panelists’ other security tips include regularly updating firewalls and security programs. “You can’t set it and forget it,” Schorr said, because new security threats are constantly evolving. And always use your own encryption devices in addition to those offered by popular cloud programs like Dropbox. This double-safety effort keeps lawyers in ultimate control instead of solely relying on the cloud service’s security measures.