Your Law Firm Has Been Breached: Who Are You Going to Call?
January 5, 2022
We’ve Had a Data Breach!
No lawyer wants to hear those words about their law firm. But across the country, those words have been repeated time and again. How often? The ABA’s 2021 Legal Technology Survey Report tells us that 25% of respondents said that their law firms had a breach “at some time.” That’s a big percentage. Most law firms are ill-prepared for responding to a data breach with only 36% reporting that they have an Incident Response Plan (IRP). Understandably, 80% of law firms with 100+ attorneys do have an IRP.
If you have no IRP, you are asking for a catastrophe – and one likely to make the headlines. Roll up your sleeves and get to work creating one. Then do regular tabletop exercises on the IRP, adding and subtracting issues (electric grid compromised, managing partner inaccessible on a safari, etc.). Make sure the IRP is accessible during a disaster – we saw one data breach where the IRP was only in electronic form and it got encrypted with all the other data by a ransomware attack. “Whoopsie-Daisy” doesn’t quite cover the extent of that debacle.