If you look at the “Hot Buttons” column in the July/August 2019 issue of the ABA’s Law Practice magazine, you will find the article “A Road Map for Lawyers with Cybersecurity Paralysis” written by Sensei’s Sharon Nelson and John Simek. Law Practice magazine is a bi-monthly publication of the American Bar Association’s Law Practice Division.
Excerpt: We understand why lawyers have cybersecurity paralysis. They don’t understand cybersecurity, experts disagree on the best steps to take, the majority of cybersecurity measures involve spending time and money and, to top it off, the threats and defenses against those threats change daily. Here’s a brief road map to where you should be going.
Without bombarding you with numbers, the smaller the firm, the less likely it was to have a policy covering document retention, acceptable computer use, remote access, social media, personal technology use and employee privacy.
Perhaps most startling to us was the fact that only 25 percent reported having an incident response plan, a critical cybersecurity component. Larger firms were more likely to have such a plan. In general, larger firms have a bigger attack surface, but they also have more resources to devote to cybersecurity. We therefore focus in this column on solo, small and midsize firms as we try to lay out a road map to cybersecurity.