2 groups seek to solve law firms' security issues

  • Print.

Law firms have long been perceived as security risks. Attorney Amar Sarwal remembers working on large-scale litigation in decades past during which clients demanded absolute security for high-profile cases.

“Law firms were not the most secure to begin with,” he says, “and now you overlay cybersecurity risks, and clients are getting even more demanding.”

According to Digital Guardian, a data security software company, at least 80 percent of the biggest 100 law firms have had some sort of digital data breach. The problem is that, while there are plenty of guides for securing networks and devices, these plans describe systems that are too expensive to build and maintain for most law firms.

The only way for law firms to combat this threat effectively is through cooperative efforts and information-sharing that pool limited resources. And a few legal organizations are banding together to get ahead of client demands and cooperatively develop industry-standard Internet security practices.


The Financial Services Information Sharing and Analysis Center has convened a group of law firms and corporate clients in an effort to systematically share information about cyberthreats. And since 2013, an ABA pilot project for law office cybersecurity has been working on proposed best practices for safeguarding confidential information.

David Bodenheimer—co-chair of the Security, Privacy and Information Law Division of the ABA Section of Science and Technology Law—helped pull together law firms with an interest in cybersecurity and information technology staff for the ABA pilot project.

Bodenheimer and the task force are working on a program whose core principle is risk assessment and quality control. The hope is that the practices will be flexible enough to allow firms to assess the confidential data they possess, the legal and regulatory requirements they operate under, and the types of threats faced.

The retail and banking industries have implemented cooperative cybersecurity practices in the wake of some spectacular failures and losses of client information. The goal of the ABA working group and the financial services legal group will be to implement workable, cost-effective programs before a spectacular loss hits the legal industry.

“Law firms work in a world of uncertainty,” Bodenheimer says. “When it comes to information security, though, the level of risk and uncertainty is low. We have to mitigate that risk before lawyers find themselves with their backs against the wall.”

This article originally appeared in the August 2015 issue of the ABA Journal with this headline: “Safety in Numbers: 2 groups seek to solve law firms’ security issues.”

Give us feedback, share a story tip or update, or report an error.