In 2011, the Federal Bureau of Investigation met with managing partners of top law firms in New York and other major American cities to discuss the problem of online security, especially for law firms with offices in foreign countries. F.B.I. officials and security experts said that law firms remain a weak link when it comes to computer security and corporate espionage.
The push from corporate clients for law firms to protect their data may be the kick in the pants managing partners need when it comes to law firms doing their part in improving online security.
According to a 2014 article in The New York Times, Daniel B. Garrie of Law & Forensics believes demands from corporate clients to take more steps to guard against online intrusions may “force law firms to clean up their acts” and do a much better job of securing sensitive information, especially as global concerns about hacker threats mount.
What are some of these big corporations demanding from law firms to feel confident that their data remains safe and secure from hackers bent on obtaining corporate secrets?
Evidence – Some financial institutions require outside law firms to show, through lengthy questionnaires detailing their cyber security measures and through on-site inspections, that they use top-tier technologies to detect and deter cyber attacks.
Reduce vulnerability – Other companies require law firms to stop using files on portable thumb drives, emailing them to non-secure iPads, or working on computers linked to a shared network in countries like China and Russia where hacking is prevalent.
Cyber attack insurance – Banks and companies are asking law firms to add insurance coverage for data breaches to their malpractice policies to cover expenses associated with a data breach, including business interruption, privacy breach response costs, notification expenses, breach support and credit monitoring expenses, damage to data and computer programs, cyber extortion expenses, computer forensic and investigation fees, public relations expenses, legal expenses, etc.
Some banks and other companies are pressuring law firms that balk at the increased scrutiny by withholding legal work. Garrie put it best: “When people say, ‘We won’t pay you money because your security stinks,’ that carries weight.”
With careful planning, law firms can reduce their exposure to potential data breaches by following some simple steps, such as: limit the number of places where personal information is stored; limit access to computer systems, email, and directories to only trusted users; implement and follow password policies; use encryption technology on all servers, user workstations, and mobile devices; and obtain cyber attack insurance protection.