Are you doing everything that you can — and should — be doing to secure your law firm’s data and systems?
By Nicole Black
Apr 18, 2019 at 4:59 PM
In 2019, cybersecurity is an issue that is — or should be — on the minds of lawyers in firms big and small. This is because lawyers have an ethical obligation to preserve the confidentiality of client information. And as lawyers increasingly move their data into digital format, that obligation necessarily shifts to the firm’s data stored online.
Law firms take many different security precautions in the name of client confidentiality. But, according to the most recent ABA Legal Technology Survey Report, the types of security measures used vary greatly from firm to firm.
What cybersecurity procedures does your firm have in place? Read on to see how your firm’s efforts compare to some of the measures taken by other firms to secure their data.
Password-Protect All Devices
For starters, lawyers are using passwords to protect their laptops. According to the Report, more than 90 percent of lawyers surveyed reported that they password-protected their laptops. The large firm lawyers led the way with 100 percent of respondents from firms of 100 or more attorneys doing so. Next were of solo firms at 99 percent, followed by 98 percent of lawyers from firms with 2-9 attorneys, and 94 percent of lawyers from firms with 10-49 attorneys.
Even more lawyers report using password protection for their smartphones, with 92 percent of lawyers doing so. The lawyers most likely to password-protect their smartphones were lawyers from firms of 10-49 (97 percent). Next were 95 percent of lawyers from firms of 2-9, 95 percent of lawyers from firms with 100 or more attorneys, and 87 percent of solos.
Physical Protections for Firm Hardware
According to the Report, 55 percent of firms used physical security measures, such as a key fob, to protect the hardware located onsite. Other steps taken included a locked or secured server room (36 percent), computer locks (35 percent), a security alarm (26 percent), and video camera surveillance (18 percent).
Solo lawyers were the least likely to use any of these security measures. And, not surprisingly, the larger the firm, the more likely its lawyers were to report that entry security was in place, such as key fobs, with 98 percent of lawyers from firms of 500 or more lawyers reporting that their firm used that type of physical security measure. Interestingly, lawyers from firms of 50-99 lawyers were the most likely to lock their server room, with 90 percent reporting that occurred in their firm, compared to 74 percent of lawyers from firms of 500 or more lawyers.
Other Security Tools Used to Protect Firm Hardware
Firms of all sizes implemented a variety of other types of security measures to protect law firm hardware. For example, 87 percent of lawyers reported that their firms used spam filters. Other very common security measures included anti-spyware (80 percent), firewall software (79 percent), pop-up blockers (75 percent), desktop and laptop virus scanning (73 percent), email virus scanning (69 percent), mandatory passwords (68 percent), network virus scanning (66 percent), and hardware firewalls (57 percent).
Less common, but nevertheless still fairly prevalent hardware security tools used by the firms of lawyers surveyed included file encryption (46 percent), file access restriction (41 percent), email encryption (38 percent), intrusion detection (34 percent), intrusion prevention (33 percent), web filtering (29 percent), whole/full disc encryption (24 percent), and employee monitoring (20 percent).
Another popular security measure that is on the rise in 2019 is using a password manager such as Lastpass or 1 Password to store passwords. According to the Report, 24 percent of lawyers reported that they used these types of tools.
Lawyers from firms with 100-499 lawyers were the most likely to use password managers at 30 percent, followed by solos at 27 percent. Next were lawyers from firms of 500+ attorneys at 26 percent, and last were lawyers from small firms (2-9 attorneys) who were the least likely to use password mangers, with only 23 percent of them reporting that they did so.
Secure Computing in the Cloud
One notable statistic from the Report was that one of the primary reasons lawyers are moving from premise-based software to using legal software in the cloud to run their law firms is because of security. In fact, according to the Report, 31 percent of lawyers surveyed reported the primary reason that their firms made the move from premise-based software to cloud-based software in 2018 was because it provided better security than they were able to provide in-office. Also of note is that 55 percent of lawyers surveyed reported that they’d already used cloud-computing software for law-related tasks over the past year, up from 38 percent in 2016.
So it’s no surprise that more lawyers than ever are planning to make the move from premise-based software to cloud-based software in 2019. According to the Report, in 2019, 10 percent of law firms are planning to replace premise-based legal software with a cloud-based alternative (notably 43 percent weren’t sure what their firm’s plans were). Of the firms that planned to make this move, small law firms with 2-9 lawyers led the way at 15 percent. Next up were law firms with 10-49 lawyers at 14 percent, followed by firms with 50-99 lawyers at 13 percent, firms with 100-499 lawyers at 12 percent, and coming in last were solos at 6 percent.
And last but not least, law firms are making use of outside security experts to assess the sufficiency of their law firm’s security measures. As shared in the Report, 28 percent of firms had had a full security assessment conducted by an independent third party last year. The most likely to do so were firms with 100-499 lawyers (44 percent), followed by firms with 50-99 lawyers (34 percent), firms with 2-9 lawyers (33 percent), firms with 10-49 lawyers (32 percent), firms with 500 or more lawyers (30 percent), and solos (16 percent).
How Does Your Firm Compare?
Those are just some of the security measures being taken by law firms in 2019. While the steps shared above aren’t an exhaustive list of everything that firms are doing in 2019 to ensure security, they provide a good overview. How does your law firm compare? Are you doing everything that you can — and should — be doing to secure your law firm’s data and systems? If not, there’s no better time than now to increase your firm’s security by performing a security audit and establishing additional security procedures for your firm.
About the Author
Nicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, web-based law practice management software. She’s been blogging since 2005, has written a weekly column for the Daily Record since 2007, is the author of Cloud Computing for Lawyers, co-authors Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York. She’s easily distracted by the potential of bright and shiny tech gadgets, along with good food and wine. You can follow her on Twitter @nikiblack and she can be reached at firstname.lastname@example.org.