Monday, January 13, 2014

Data on Law Firm Security Breaches

Following our earlier post on New Year's Risk Resolution #1 (Improve firm information security), comes a pointer to an article from Jeff Brandt at Pinhawk: "70% of Large Firm Lawyers Don't Know If Their Firm Has Been Breached," which summarizes details from a recent ABA survey conducted by the ABA's Legal Technology Resource Center. (the summary of which is: "most lawyers don't know if their firm has experienced a data breach").

Jeff breaks down the key findings and notes that "all of this is disturbing at so many levels, I'm not sure what to say" --
  1. 70% of large firm respondents reported that they didn't know if their firm had experienced a security breach
  2. 15% of survey respondents had experienced a security breach
  3. No one seems to care about state breach notification laws
  4. from Sharon's personal experience, law firm administration doesn't tell the attorneys. 
The ABA Report highlights the implications of breaches that leak client information:
  • "A security breach that results in unauthorized access to a client’s sensitive data could have tremendous consequences for a firm, ranging from loss of business to potential disciplinary fallout.  It’s vital that firms work to minimize the risk of such a breach, but also that firms have solid response plans prepared in the event that a serious data breach does occur.  A firm that waits until after a security breach to come up with a response plan may end up making the situation worse."

No comments:

Post a Comment