When it comes to cybersecurity, lawyers often get a bad rap. The industry’s known reticence to embrace new technologies similarly extends to the perception of its general lack of understanding of security issues. And in many cases, the evidence does indicate that lawyers fail to enact necessary cybersecurity measures for any number of reasons.
Common sense dictates that larger law firms would have better cybersecurity procedures in place due to large in-house IT staff and devoted legal IT budgets. But surprisingly, according to the results of the American Bar Association’s latest Legal Technology Survey Report, large law firms are often the most likely to experience security breaches.
For example, 26% of firms with 500 or more lawyers reported experiencing security breaches in the past year, up 15% compared to 2012. Next in line was firms with 10-49 attorneys (25%), followed by firms with 100-499 lawyers (20%), firms with 2-9 lawyers (11%) and then, finally, solos at just 8%. So solo and small firms lawyers were the least likely to experience security breaches in 2016.
Interestingly, solo and small firm attorneys were the most likely to use cloud computing software in 2016, with 35% solos using it, followed by 35% of firms with 2-9 attorneys, 29% of firms with 10-49 attorneys, and 19% of firms of 100 or more lawyers. So firms that used cloud computing the most experienced security breaches the least. Certainly this correlation does not necessarily amount to causation, but it’s worth taking note of.
A similar trend can be found when it comes to firms’ reports of unauthorized access to client data. There were no reports of this type in 2016 for for smaller firms with less than 49 attorneys. However, for firms with 50-99 attorneys, 25% reported unauthorized access to client data, followed by 11% of firms with 100-499 lawyers. Firms with more than 500 lawyers reported no unauthorized access.
Unauthorized access occurs when either hardware or software is compromised, so statistics regarding how lawyers store and secure data on devices and in the cloud is worth exploring in this context. First let’s take a look at the steps lawyers are taking to secure mobile devices.
The good news is that when it comes to laptops, most lawyers take sufficient security steps. 98% of lawyers use passwords on their laptops. Firms of 500 or more lawyers lead the way at 100%, followed closely by solos at 97%. Some lawyers, 14%, even report using other types of authentication, such as fingerprint readers.
Lawyers are also taking necessary measures to secure their mobile devices. For example, 95% reported using passwords on their smartphones, with large firms leading the way. 100% of firms with 100-499 lawyers reported using passwords, followed by 97% of firms with 500 or more and 93% of solos.
Next, let’s consider where law firm data is stored and how that choice can affect security of client data. According to the 2016 Report, external hard drives are the most common type of backup and are used by 41% of law firms. Offsite backup is next at 28%, followed by online backup at 67%, network attached storage at 6%, USB drives at 9%, tape at 7%, RAID at 6%, CDs at 4%, and DVDs at 4% as well.
Backing up data offsite is an important security measure and firms that do this are step ahead. This is because offsite data backup can be particularly useful when it comes to disaster recovery, since natural disasters are not unheard of and can sometimes destroy all of a law firm’s client files and data. According to the Report, 13% of law firms experienced a natural or man-made disaster in 2016. Firms with 50-99 lawyers reported the highest rate (28%), followed by firms of 500 or more lawyers (26%), and finally, solo and small firms came in last with only 10% reporting a natural disaster that affected their files.
Fortunately, as noted above, solo and small firm lawyers are the most likely to use cloud computing software to store client data. That means that their law firm’s data is securely stored offsite in the event of a disaster. So those firms are all usually in good shape when it comes to disaster recovery, since most reputable cloud providers have geo-redundant data backup.
So when it comes to lawyers and cybersecurity in 2017, the future looks murky. While lawyers are taking some steps to secure their data—particularly on their hardware—some firms continue to encounter breaches and natural disasters in the absence of the necessary security measures. Only time will tell if that trend will change.
Copyright © 2019 Legal IT Professionals. All Rights Reserved.