Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

70% of Large Firm Lawyers Don't Know If Their Firm Has Been Breached

January 6, 2014

First, Happy New Year!

Second, there is so much news that it will take me weeks to catch up. But I wanted to start with a study that many readers will not have seen. While I will give you the link, you need to subscribe to see the story. Hat tip to our colleague Sean Harrington for sending this story along.

However, here is the essence of the story about a recent survey conducted by the ABA.

"Fully 70% of large firm respondents reported that they didn't know if their firm had experienced a security breach," according to the 2013 survey, entitled "Security Snapshots: Threats and Opportunities" conducted by the ABA's Legal Technology Resource Center. Of course, the fact that they don't know does not indicate a breach (easy to overlook that point).

According to the survey, 15 percent of survey respondents had experienced a security breach, and respondents of mid-size firms (10-99 attorneys) were most likely to know about the breach. That makes sense because mid-size firms are more attuned to anything major happening that might affect the firm.

The survey highlighted the increased risks from bring-your-own-device policies which allow attorneys to access firm networks through their smartphones , tablets or other devices. The report found that "34% of respondents reported that their firms allowed them to connect their personal mobile devices to the network without restrictions."

Our own experience, and conversations with other friends in information security, confirm how often law firms don't tell their attorneys that there has been a breach. They seem to operate on a "need to know" basis concluding that their attorneys don't need to know. We often hear "we have no proof that anything was done with client data" in spite of the fact that the intruders had full access to their network. Our encounters with these breaches indicate that if law firms can keep the breach quiet, they will.

They will spend the money to investigate and remediate the breach, but they will fail to notify clients under state data breach laws and they won't tell their own lawyers for fear the data breach will become public. Is that unethical? Probably. Unlawful? Probably. But until there is a national data breach law with teeth, that approach to data breaches is unlikely to change.

E-mail: Phone: 703-359-0700

http://www.senseient.com

http://twitter.com/sharonnelsonesq

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

70% of Large Firm Lawyers Don't Know If Their Firm Has Been Breached

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer