Login | September 30, 2020

Law office cybersecurity slowly improving

Technology for Lawyers

Published: November 15, 2019

The 2019 ABA Legal Technology Survey Report shows that the industry is making small, slow strides in protecting itself and its clients’ confidential information from hackers and other bad computer actors. It isn’t much improvement, but a little bit might go a long way.
The survey was taken throughout all sectors of the legal industry—from solos to megas. It asked cybersecurity questions related to technology policies, security tools, security breaches, viruses/spyware/malware, physical security measures, and backup.
It has some good news and some bad news, of course.
For the bad news, we start with the fact that over a quarter of firms reported a data breach in the last 12 months. That’s bad enough, but almost 20 percent of the remaining respondents to the survey did not know whether or not their firm even had a breach.
That latter fact is remarkable. The report points out that most of the respondents who gave that answer came from large firms—which means that they were not given any kind of data security report. Seems to me that all firms should send one of those out to all lawyers at least annually. But who am I? Just leave ‘em all in the dark.
Over a third of law offices surveyed have been attacked by various kinds of malware/spyware/etc.—but, again, more than a quarter of respondents didn’t know if they had been attacked.
Only about three percent of the respondents experienced compromised client data, but 14 percent reported data destruction, and more than a third had downtime that cost billable hours.
But at least attorneys are ramping up their incident response plans—from 25 percent last year to upwards of 70 percent for very large firms (less for smaller firms)(Hey—as a part of your incident response plan—tell your lawyers!).
The use of encryption, while still not up to snuff, is also increasing. A little les than half use file encryption, more than a third use email encryption, and 22 percent encrypt everything. Those numbers are all up from 2018.
About a third have cyberinsurance—up from 17 percent two years ago.
So—everything listed here should be at 100 percent, just in case you were wondering. But some progress is better than no progress. Keep up the good work.