Law Practice Management

Insiders are stealing data without law firms even realizing it

  • Print.

It’s no secret that law firms and other businesses with valuable confidential information are targets for potential hack attacks.

But, as those in charge of information technology focus on preventing cybersecurity breaches, they may be missing an important information drain—the firm’s own lawyers and staff, Legaltech News (sub. req.) reports.

“The reason I think it’s so overlooked, is it’s incredibly difficult to detect when an employee has taken data,” says president Rick Weber of Elijah, a data forensics consultant. “This lack of detection has created a false sense of data security. … Usually, when there’s an internal data breach that causes a company to react, it stems from a third-party whistleblower.”

Despite the value of client information and the importance that it be kept confidential, many law firms don’t have clear policies about safeguarding it, experts say. Even when such policies do exist, they are tough to enforce.

However, a first step, once a policy is in place, may be installing software to monitor when multiple files are downloaded on a thumb drive. While there are legitimate reasons for doing so, such conduct also can be a red flag.

Another option is simply to monitor law firm insiders’ computer use—and let them know this is occurring.

“If your employees know that data forensics teams can view their computer use at any time, that can offer immense protection,” Weber says.

Related coverage: “Report: BigLaw Attorney in Insider-Trade Case Didn’t Open Firm Docs, Allegedly Just Used Title Info”

See also: “Law firms can spend a lot, or very little, and improve their cybersecurity, experts say” “Got cyber liability insurance? Few lawyers say they have it, despite security breaches”

Give us feedback, share a story tip or update, or report an error.