Responses to a Breach of Client Data

Jeffrey Brandt

It started with a tweet from Jason Plant and a response from me.  Then Ben Schorr joined in.  There were a few others who got involved as well.  We were chatting about the use of mobile devices and the way some law firms have deployed them.  Some firms have connected the devices first and are now attempting to deal with the policy, procedure and security issues.  I added the hashtag #bassackwards to somewhat summarize the conversation.  Policy, procedure and security issues should always be addressed first. It is the responsibility of the CIO to say "no" or "wait" until those critical steps have been hashed out.

But for those of you CIOs who opted to go the other way, as a free service, I am offering up some handy ~~excuses~~ responses that you can use when talking to your clients about that data breach you just experienced.  I've tried to go beyond just potential security issues of mobile devices.  Keep this list close by.  It may also come in handy when that reporter from The Wall Street Journal, The New York Times, The Daily Telegraph, The Guardian or some other newspaper calls you.  In no particular order, please consider the following:

  1. We can't keep up with the pace of the new devices.
  2. But the breach came from a really, really cool new iPad 3.
  3. It was Microsoft's fault.
  4. It was Apple's fault.
  5. It was Google's fault.
  6. We thought strong passwords like 1234 were OK.
  7. We just upgraded our security last year.
  8. But the partners insisted.
  9. But DropBox is so easy to use.
  10. But we have a written policy.
  11. Encryption slows my laptop down.
  12. We are BYOD.  Technically it wasn't a firm device.
  13. You're the one who told us to use DropBox.
  14. We didn't have the time to implement proper security.
  15. It must have happened when my brother-in-law borrowed my iPad.
  16. We didn't have the money to properly secure the data.
  17. We're not sure who owned the WIFI node, but at least it was free.
  18. We didn't know the networked photocopiers had hard disks in them.
  19. We don't know much about security.
  20. Who would have thought someone could have guessed the managing partner's password?  He's only had the same one for the past seven years.
  21. Installing all those Windows security updates seemed like a waste of time.
  22. We don't have any security specialists on staff.
  23. "Our new passwords will contain an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal and a hieroglyph."
  24. After deleting the data, we didn't think wiping the hard disk of the PCs we sold was necessary.
  25. Security is on our list of topics to address next year.
  26. The attorney didn't share her password with anyone.  Except her secretary. And her paralegal. Oh and the temp from last week.
  27. We thought an attachment in email was totally secure.
  28. Our system account administrator didn't know that temporary employee was fired from the firm six months ago.
  29. Our main administrator was on vacation.
  30. We're a law firm, hackers aren't interested in us.
  31. We didn't know there was a patch for that flaw/bug.
  32. Logs? We didn't know we had to check the logs.
  33. We thought the offer from Dr. Clement Okon and the Nigerian National Bank was legitimate.
  34. The server room is always locked.  The key hangs on a peg next to the door.
  35. Our users consider password protected screen savers annoying.
  36. Um.. Sorry about that.

So these are some responses you can use when that call comes.  Or you can be proactive.  It's your choice.


Additional user submitted responses:

  1. Don't worry, we'll demand your information be taken off the Internet immediately.
  2. This was an isolated incident.
  3. We thought “anonymous” meant that nobody would know about us.
  4. The dog ate my security policy.
  5. Don't worry: The leak happened while we were moving data from Chicago to LA so we'll take it up with the guys who own the Internet. It's just like losing a package when you send it by UPS, really.
  6. Encryption is a complicated and cumbersome technology.
  7. A lot of banks don’t encrypt, so we didn't think we needed to either.


Copyright © 2023 Legal IT Professionals. All Rights Reserved.
