An American Bar Association (ABA) survey conducted last year confirmed that one in every four law firms with at least 100 attorneys has experienced a breach due to a hacker, website attack, break-in, or lost or stolen computer or smartphone. The report was compiled by the ABA’s Legal Technology Resource Center after it surveyed over 90,000 attorneys in private practice.
Of those attorneys whose firms experienced a breach, 3% reported that it led to unauthorized access to sensitive client data, and 5% said they notified clients of the breach.
After seeing the magnitude of data breaches, some clients are working proactively to ensure their outside counsel have satisfactory security measures in place. Current and potential clients of the largest firms are most likely to request a security audit or a verification of the firms’ security practices. Thirty-four percent of law firms with 100 or more attorneys have fielded such requests, compared to 12 percent of firms with 10 to 49 attorneys and 3 percent of solo practitioners.
All this suggests that concern for data security is high among law firms. However, the security measures that need to be in place are largely absent. This was revealed in the ABA survey, where forty-seven percent of respondents said their firms had no response plan in place to address a security breach. More than a quarter of respondents said their firms had an incident response plan, and a quarter did not know. Among the largest firms of 500 or more attorneys, 55 percent had a security breach response plan in place. More than half of attorneys, 58 percent, said their firms did not have a dedicated chief information security officer or another staff member charged with data security, while 34 percent said their firms did have such an officer.
The American Bar Association offers the following tips for law firms that are concerned about data security:
- Have a strong password of at least 12 characters. If you are still using an 8-character password, be aware that a password of that length can be cracked in just about two hours, whereas a strong 12-character password takes at least 17 years to crack. Remember that the password should be a mix of alphanumeric characters and special characters.
- ABA suggests not using the same password everywhere.
- Change your passwords regularly, as this foils anyone who has already obtained one of them.
- It’s a bad practice to keep a file of passwords on your PC. And do not keep your password on a sticky note under your keyboard or in your top right drawer.
- Attorneys should use laptops with encrypted disk drives. This will help keep their data safe, even if they lose the device.
- Backup media used in law firms are a major source of data leaks, so they should be encrypted.
- Keeping your server in a locked room or closet also helps. Physical security is essential.
- Using security software that protects against viruses, spyware, rootkits and spam can work wonders.
- Wireless networks should be set up with proper security. First and foremost, encryption should be enabled on the wireless device. Whether using Wired Equivalent Privacy (WEP) 128-bit or WPA encryption, make sure that all communications are secure. WEP is weaker and can be cracked. The only wireless encryption standards that have not been cracked (yet) are WPA with the AES (Advanced Encryption Standard) or WPA2.
- Using cloud providers for software applications is fine, provided that you have made a reasonable inquiry into their security. Read the terms of service carefully and check your state for current ethics opinions on this subject.
- Once you terminate an employee, make sure that his or her access to data is completely barred from then on. The best way is to shut down the employee's user ID and email account.
- Be wary of social media applications, as they are now considered an effective avenue of invasion for cyber criminals.
- Consider whether you need cyber insurance to protect against the possible consequences of a breach. Most insurance policies do not cover the cost of investigating a breach, taking remedial steps or notifying those who are affected.
- Dispose of anything that holds data, including a digital copier, securely. For computers, you can use a free product like DBAN to securely wipe the data.
- Use social media in a responsible way.
- Make sure that all computers require screen saver passwords, and that the screen saver gets invoked within a reasonable period of inactivity.
Approach DNF Corporation if your law firm needs assistance with data security.