As recent cyber incidents have demonstrated, cyberattacks are now an emerging threat for all types of businesses. Roughly 80% of businesses reported experiencing cybersecurity-related incidents last year alone, costing businesses roughly $3.62 million per breach. Lawyers and law firms, however, face unique data security challenges that could impact their ability to practice competently and ethically. Over half of states now require attorneys to keep abreast of the latest technological advances impacting legal practice, and the American Bar Association (ABA) has recommended that attorneys use encryption to protect certain types of client data.
Knowing the regulatory details behind PIPEDA, HIPAA, GDPR and other potentially applicable security standards won’t be enough to protect your clients’ data from being compromised. You’ll need to know how to implement industry-vetted data breach response plans and the right data security safeguards to secure your clients’ data. Although carrying out these tasks requires sophisticated knowledge of information systems and security safeguards, a substantial number of law firms still assign these highly technical tasks to their own attorneys. As the American Bar Association (ABA)’s most recent TechReport revealed, close to 40% of attorney respondents reported that they were solely responsible for their firms’ data security plan.
Firms will also need to look at their own internal procedures and practices to prevent their clients’ data from being compromised. As Verizon Enterprise’s 2018 Data Breach Investigations Report shows, roughly 1 in 3 of the 540 cybersecurity incidents and 132 successful data breaches that impacted professional services firms last year occurred due to employee errors and internal threats. While in-house or vendor-supplied educational training and specialized on-site IT departments can help, they aren’t a failproof way to prevent potential incidents that could arise from human error or insider attacks. This is evident in the fact that ransomware, the most prevalent type of cyberattack, accounted for 39% of cyberattacks last year, and 4% of e-mail recipients still tend to open phishing e-mail links. Storing your clients’ sensitive data on your own computers or local servers means that it’s only clicks away from being compromised.
Attorneys who fail to take reasonable and commensurate steps to secure client data could face professional sanctions, regulatory fines, and even disbarment in extreme cases. The easiest way you can protect your clients’ sensitive data and ensure full compliance with data security regulations is to work with experienced IT professionals who can craft customizable security protocols for your firm to follow. The ABA recommends that lawyers associate with field experts as a way of bridging technology-related experience gaps, and working with experienced professionals outside your organization can bring a fresh outsider’s perspective to the state of your existing safeguards. Managed virtual cloud hosting is one option your firm can consider, since it allows you to securely host your software and client files in encrypted environments that can be customized to meet specific data security regulations. It’s a move that can be cost-effective for law firms and businesses of all sizes, as companies working with cloud providers have saved $3,966 per month on average when compared to on-site alternatives.
Abacus Private Cloud can help protect your software and client data in compliance with professional, domestic and international data security requirements. Contact us to schedule a free cybersecurity assessment and learn how we can help protect your sensitive data from cybercrime.