Law firms are repositories of confidential data and information. However, in recent years, numerous law firm security breaches have been reported.
According to the ABA 2018 survey report, law firm security breaches occur across the board. Fourteen percent of solo practitioner attorneys, 24% of law firms with 2-49 attorneys, 42% of law firms with 50-100 attorneys, and 31% of law firms with more than 100 attorneys have been victims of law firm security breaches.
Therefore, it’s important to ensure that the law firm you or your business uses has the security measures in place to prevent data breaches.
Potential Law Firm Security Risks
Whether it’s a stolen laptop or an elaborate hack, when it comes to the security of a law firm, a breach is a breach.
Let’s look at a few things that can put a law firm’s security at risk:
- Ignoring basic safety measures. All law firms should have comprehensive security policies and programs in place, focusing on employees, processes, and technology. Cybersecurity should be a critical consideration to prevent phishing attacks and malware threats.
- Not scheduling regular security assessments. To prevent a security breach, especially a data breach, it’s of utmost importance that the firm prepare an inventory of data and information stored in different places in the office. How vulnerable are the data and information? What if they were stolen? Conducting regular assessments is critical to the security of the firm, irrespective of the size. Larger law firms are more prone to security breaches as they have a wider clientele and more data.
- Not shredding old or data-sensitive legal documents. It’s extremely vital to destroy legal documents that are no longer required. Just one employee casually throwing legal documents in the recycle bin can lead to major law firm security breaches.
3 Law Firm Security Requirements That Need to be Followed
From business contracts to wills, estate planning to real estate deeds, medical records to pre-nuptial agreements, law firms handle massive amounts of data and information. Hackers or unauthorized persons who can access these documents threaten the safety of all clients, tarnish the firm’s online reputation, and can ultimately lead to litigation against the law firm.
To ensure this doesn’t happen to the law firm you rely on for personal and/or professional legal services, here are three proven security tips they should be following to protect the firm from security breaches:
1. Comply with Customer Privacy Laws
Law firms must comply with laws related to the privacy of their clients. Different laws ensure consumer privacy, such as FACTA, Gramm-Leach-Bliley, and HIPAA. The firm must ensure that all employees understand these laws and mitigate data breaches via proper documentation. Research shows that up to 25% of information breaches in law firms are a result of employee error or negligence.
2. Establish and Maintain a Data Retention Policy
Many legal practices retain files comprised of data and information about clients for long periods of time. However, law firms are not obligated to maintain client records. By accumulating unnecessary documents and files, they increase the risk of unauthorized access. They need to inform clients before destroying their documents and files. And as a client, you possess the right to ask for the documents that the law firm may be holding.
3. Partner with a Shredding Service Company
The best way to destroy documents with sensitive information is to shred them. Given the volume of documents law firms have in their possession, it doesn’t suffice to rely on small office shredders designed for occasional use.
A professional shredding services provider has industrial equipment that shreds quickly and inexpensively. They also offer a variety of services for shredding documents — at their facility or at the client’s office via mobile shred truck.
Ask your attorney how the firm handles the destruction of sensitive documents. If they don’t partner with a professional shredding services provider, share what you’ve learned about the laws they need to follow. You can also suggest they choose a company that is AAA Certified by the National Association for Information Destruction; this means they have the written policies and procedures in place to ensure employment verification is enforced and quality control is checked on an ongoing basis.