As more hackers target lawyers, here’s how to protect client data
By Rachel M. Zahorsky
Apr 4, 2013, 05:15 pm CST
Most major U.S. law firms have been victims of security breaches, and the unwelcome threats likely operated covertly for 8 to 9 months before they were discovered. For many firms, the first whiff of insidious action comes from a knock on the firm’s door by the FBI.
In 2011, the U.S. government labeled New York City’s 200 largest law firms “the soft underbelly” of hundreds of corporate clients, two experts warned at an ABA Techshow session on data security for lawyers. Even midsize, boutique and solo firms are at risk, warned presenters Sharon Nelson, president of Sensei Enterprises, an information and digital technology firm, and Ben Schorr, CEO of IT consulting firm Roland, Schorr & Tower. And untrained lawyers and office personnel are often the No. 1 chink in a law firm’s defense, the duo said.
“The biggest threat to law firms’ data are its own users who aren’t trying to do damage,” said Schorr, who shared an anecdote of a law firm that unwittingly gave its receptionist access to read, edit and delete client documents on the firm’s server. At another firm, an associate with Internet connection issues in his office used his own unprotected Wi-Fi router to work on client matters, rendering the firm’s security measures useless.
Updated ethics rules require lawyers to make reasonable efforts to make sure client data is secure. The new rules also require lawyers to be competent with technology or to hire someone who is. Judges will no longer buy arguments that tech and its threats are evolving too quickly for lawyers to keep up, Nelson said.
Some of the other security tips offered by the panelists include regularly updating firewalls and security programs. “You can’t set it and forget it,” Schorr said, because new security threats are constantly evolving. And always use your own encryption devices in addition to the encryption offered by popular cloud platforms like Dropbox. This double-safety effort keeps lawyers in ultimate control instead of solely relying on the cloud platform’s security measures.
Nearly every lawyer uses a smartphone, and 36 percent of us have lost one, many in a taxi or left charging at an airport terminal. Of those lost phones, 46 percent were not protected by a password of any kind. Nelson recommends an alphanumeric passcode of at least 12 characters, as 8 has proven too easy for hackers to foil, and advises lawyers to set their phones to be wiped of all data after 10 incorrect log-in attempts.