70% of Large Firm Lawyers Don’t Know If Their Firm Has Been Breached

Sharon Nelson and John Simek Principals, Sensei Enterprises

“Fully 70 percent of large firm respondents reported that they didn’t know if their firm had experienced a security breach,” according to the 2013 survey, entitled “Security Snapshots: Threats and Opportunities” conducted by the ABA’s Legal Technology Resource Center. Of course, the fact that they don’t know does not indicate a breach (easy to overlook that point).

According to the survey, 15 percent of survey respondents had experienced a security breach, and respondents of mid-size firms (10-99 attorneys) were most likely to know about the breach. That makes sense because mid-size firms are more attuned to anything major happening that might affect the firm.

The survey highlighted the increased risks from bring-your-own-device policies which allow attorneys to access firm networks through their smartphones, tablets or other devices. The report found that “34 percent of respondents reported that their firms allowed them to connect their personal mobile devices to the network without restrictions.”

Our own experience, and conversations with other friends in information security, confirm how often law firms don’t tell their attorneys that there has been a breach. They seem to operate on a “need to know” basis concluding that their attorneys don’t need to know. We often hear “we have no proof that anything was done with client data” in spite of the fact that the intruders had full access to their network. Our encounters with these breaches indicate that if law firms can keep the breach quiet, they will.

They will spend the money to investigate and remediate the breach, but they will fail to notify clients under state data breach laws and they won’t tell their own lawyers for fear the data breach will become public. Is that unethical? Probably. Unlawful? Probably. But until there is a national data breach law with teeth, that approach to data breaches is unlikely to change.

There will, of course, be multiple sessions at ABA TECHSHOW dealing with law firm data breaches and how to secure your firm’s data.

Sharon Nelson and John Simek have been frequent presenters at ABA TECHSHOW. Nelson served as Chair of the 2006 TECHSHOW Planning Board. Together they are principals of Sensei Enterprises.


300x250_staticABA TECHSHOW is an annual legal technology Conference and EXPO designed to bring lawyers and technology together for three days of CLE and networking. Presented by the ABA Law Practice Division, ABA TECHSHOW helps lawyers practice efficiently through the use of technology.

BASF members receive a discounted rate of $895 and if you register before February 10, you can register for only $675!

Register online: http://www.techshow.com, or download the registration form

Be sure to include the discount code, EP1421, to receive the discounted rate.

When: March 27-29, 2014
Where: Hilton Chicago

More information can be found: www.techshow.com