As a lawyer, you have an obligation to ensure that the tools you use to communicate with clients and vendors are secure. Data breaches – the inadvertent or unauthorized disclosure of sensitive client information – is one of a law firm’s most devastating and costly errors. Client trust is critical.
Data breaches are nothing new. For businesses of all kinds, in all industries. Cybersecurity attacks have been on the rise, and law firms are definitely not exempt. In fact, as lawyers generally carry a reputation of not being as tech-savvy as other industries, hackers may see them as an easier target.
According to a Data Protection Report, 45% of large businesses in Canada report having been breached in 2019, a staggering jump from 24% in 2018.
Part of the increase could be due to new mandatory breach notification laws that went into effect in late 2018, ensuring more transparency and reporting of these incidents. But the fact remains, 90% of legal professionals believe they need to do more to show employees and consumers that they are protecting personal data.
A recent investigation in the U.S. has determined that law firms are falling victim to data breaches at an alarming rate, and the situation may only be getting worse. The study notes that law firms are a top target among hackers because of the sensitive nature of the personal client information in their possession.
The American Bar Association’s TechReport 2019 illuminated some troubling statistics:
- 26% of firms have experienced some sort of security breach
- A further 19% don’t know if their firms have experienced one
- Only 35% (down from 38% the year before) are taking specific cybersecurity precautionary measures listed in the survey
- Only 28% (down from 38%) of respondents reviewing vendor privacy policies
In summary, law firms are often an easy target, and cybersecurity measures aren’t being taken seriously enough.
Whether it’s a malicious attack, a system glitch or human error, it’s safe to say there’s a lot of room for improvement in the legal industry to batten down the hatches in this area. In Part Two of the series, we’ll have a look at just what law firms can do to better protect against data breaches.