Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

How Good is Law Firm Security? This Report May Surprise You

December 20, 2016

As DarkReading recently reported, there is good news about law firm security: The legal sector scored second-best in the latest security ratings report by BitSight, just ahead of retail, and behind the formidable financial industry. It's hard to surprise me, but this report did. As much as I've seen greater attention to cybersecurity by law firms over the past several years, I've also seen a lot of data breaches, some public and some not. Since BitSight uses publicly disclosed breaches to benchmark security, it may be that there are a lot of law firm data breaches that have not been publicly disclosed. It is probably also true, since BitSight analyzed 1,269 legal entities, that it probably did not include a lot of solo and small firms.

The bad news: More than half of law firms are vulnerable to a known attack called DROWN that breaks encryption and exposes communication and information in Web and e-mail servers and VPNs, and a large percentage of law firms scored low security-wise.

BitSight provides a credit-score type security rating system for various industries. On a 250 (lowest) to 900 (highest) security rating scale, finance scored 703; legal, 687; retail, 685; healthcare, 668; energy/utilities, 667; and government, 657. Legal actually dropped two points from last year's rating of 690.

70% of law firms surveyed in the recent Law Firm Cybersecurity Report by ALM Intelligence said they are under pressure from their clients to beef up internal data security, but only about half conduct regular "fire drills" for incident response. The report said firms were confident in their ability to thwart attacks.

Um, that's not what they tell us. But it does make for good PR.

"Many firms' confidence in their own cyberattack preparedness seems misguided. Our research indicates that most remain surprisingly unprepared for the threat," said Daniella Isaacson, co-author of the report and ALM Intelligence senior legal analysis. "For example, many never test their cybersecurity protocols. This means that on the day of a breach, those firms are using an unproven response plan."

Now that rings truer to my ears.

Hat tip to Dave Ries.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

How Good is Law Firm Security? This Report May Surprise You

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer