How to Keep Your Law Firm’s Data Safe

By Tad Thomas | Dec 15, 2020 | Tad's Tech Corner

Technology is an essential part of any modern practicing attorney’s toolkit. In Tad’s Tech Corner, join me as I discuss how to best utilize technology, both from a device and software standpoint, during your daily lawyering tasks and during trial. Discussions, as always, are welcome in the comments section below.

The American Bar Association has held lawyers to the ethical and model rules of professional conduct since 1983. When following the rules, lawyers can navigate various scenarios and interactions with clients.

One of the rules, Rule 1.6, focuses on the confidentiality of client information. According to the rule, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Essentially, lawyers must make efforts to protect their clients’ data.

Doing so isn’t always easy, especially given the technology that hackers and other nefarious groups have at their disposal to infiltrate networks and steal information. To provide your clients with the best representation possible and ensure you are meeting your obligations and responsibilities as an attorney, let’s take a look at how to keep your law firm’s data safe.

Understanding the Risk of Attack

In 2018, the ABA issued Formal Opinion 483, which discusses law firms’ risk of experiencing a data breach. The opinion makes it clear that this is not a matter of if, but when. Attorneys have a duty of competence to maintain adequate technology security measures. They are also obligated to monitor their systems, standard operating procedures, and plans reasonably and continuously in an effort to mitigate a security breach.

In the event a lawyer suspects or detects a breach, they must take reasonable steps to stop the attack and prevent any further exposure of data. It’s also essential for lawyers to promptly inform their clients and to use relevant information about the breach to make informed decisions.

While cyberattacks against law firms are not a new phenomenon, the rate of occurrence has increased significantly. According to the ABA, up to 42% of law firms with up to 100 employees have experienced a data breach. In general, there are two motives for obtaining information from law firms:

  • Information ransom. Most hackers seek financial gain from their scheme. If they can access client information, they may try to use it as leverage to extract money from your firm. Once they have retrieved the information they want, they’ll likely threaten to publicly release the information, which could have long-lasting repercussions for clients and your firm.
  • Insider trading schemes. Hackers also try to profit from the data they extract by making investment decisions based on the confidential information regarding your clients, like financial statements, mergers and acquisitions, financial deals, lawsuits, and more.

Tips for Your Law Firm’s Data Security

You know that your law firm handles a lot of data. With case information, communication records, and myriad documents shared with courthouses, notaries, and other legal entities to manage, it’s crucial to understand how best to keep your law firm’s data safe.

To prevent data breaches, you and your employees should consider the following:

  • Enforce secure passwords. Make sure employees reset their passwords regularly and reject any passwords that do not meet the minimum criteria your firm establishes.
  • Use role-based authorization. Use least-privilege access so that each user is granted permission to the least amount of data possible. In addition, set up an automated system to update permissions when employees’ access levels change.
  • Use multi-factor authentication. Two-factor authentication should be mandatory for employees. When you require more than one piece of evidence to verify a user’s identity, you make it harder for hackers to infiltrate your system.
  • Regularly update software. Ensure all of the software your firm uses is up-to-date. Whether you set up automated updates or keep a schedule, keeping your software updated will reduce the potential for holes in your network.
  • Encrypt clients’ data. To avoid data interception, use the SSL or TLS protocol. You’ll also want to consider enabling full disk encryption on all devices in the event something is stolen.
  • Protect data remotely. In order to protect your data no matter where you are, implement remote data wiping. This will allow administrators to erase data remotely in the event of a breach or attack.
  • Provide cybersecurity training. Everyone on your team should have a general knowledge of cybersecurity. To get started, you’ll want to provide training on email security, phishing, and social engineering.

Protecting Your Law Firm and Your Clients’ Futures

According to the ABA, the number of law firms reporting cybersecurity issues declined by one percent from 2018 to 2019. This is despite the projection that cybercrime will increase by 70% over the course of the next five years.

When lawyers recognize law firms are under a constant threat of cybercrime and take the necessary precautions to defend their clients’ data, they’ll prevent future data breaches and the extensive consequences that come with a breach.