Proactively Preventing Data Breaches in 3 Simple Steps

September 11, 2014
Salt Lake City, UT

Modern Concern

Data security and information intelligence are not new concerns, nor are they ones that industry will be free of any time soon. Target's data breach of 2013 was a wake-up call for consumers and businesses to take a deeper look into how data is shared and disseminated; this breach cost the corporation $110 million and exposed financial information of up to 100 million people. Undoubtedly, affected consumers made an effort to reanalyze their shopping decisions, and those who weren't directly affected are thinking of ways to make sure it does not happen to them. The best way to prevent data breaches and unwanted intrusions is to be proactive in establishing safeguards that are tried-and-true methods of prevention. Once a breach has occurred, all business processes and security efforts become hindsight realizations about what could possibly have been prevented.

Law firms have a heightened need for security given the sensitive nature of the matters they deal with on a day-to-day basis. Adding to this need is the increasing number of breaches that have occurred in law firms recently. In fact, the FBI's New York office called a meeting in 2011 with the top New York City law firms to address the rising number of attacks in the industry and why it should be a priority to safeguard client data. Law firms are obvious targets for hackers, and the fact that some firms have not utilized current technology to avoid intrusion is alarming and should be noted.


There is no doubt that the weakest link in any law firm is the person sitting behind the computer. An innocent click, an accepted invitation, or a legitimate-looking email opened by a firm employee can cause an infection, allowing outside eyes to access all of the firm's information. When a client discovers that their firm has been breached and personal information compromised, the consequences will be long-reaching, both monetarily and in terms of firm reputation and longevity. Luckily, there are some important steps a firm can take to ensure safeguards are in place that will protect its clients' information:

  1. Perform extensive due diligence on vendor technology: Most firms rely on outside technology vendors for case management, time and billing, document management, and other programs for information organization. These vendors need to be vetted and validated to ensure they have taken the correct measures to protect the firm's data. A vendor should be able to provide documentation and case studies that prove their technology will protect beyond what the firm could do without a specialized vendor.
  2. Establish employee policy protocols: Attorneys need to be aware of the threats that will cause harm to their firm. Education, training, and security awareness programs, coupled with constant vigilance, are key aspects in ensuring a law firm's security. A firm administrator, with guidance from IT and security professionals, should establish some simple rules and guidelines for what is allowed and what is not in terms of technology use.
  3. Monitor trends in technology that affect security: New threats are formed daily, and as technology evolves, so should a law firm and its technology. As firms educate themselves on all possible security scenarios, they will be better equipped to avert potential damage.

One central thread remains constant when it comes to law firm security: If a firm is breached, there will be consequences. These consequences range from negative public image to legal action. Additionally, downtime in a firm to resolve instances of security breaches will result in lost revenue. There is an assumption in law firms that client representation will remain confidential, but this assumption needs to be explicitly stated and reinforced through strong security measures to avoid the ugly, unwanted consequences of data intrusions.