Your ABA: Information security for law firms

You currently do not have JavaScript enabled in your web browser.
The ABA website relies on JavaScript for display purposes.
To fully experience the ABA site, please enable javascript.>

Advanced Search
Topics A-Z


	May 2007 e-news for members

Send a letter to the editor

Print this article

Email this article

Information security for law firms

Failure to implement adequate security measures can come with a price tag that few law firms can pay. At $182 per compromised record, or an average of $4.8 million per breach, why has the legal industry been one of the slowest to implement incident response plans? This question is especially pertinent since law firms are required ethically to maintain the confidentiality of client data.

"Information Security for the Small- and Medium-Sized Law Firm," a recent CLE teleconference sponsored by the Section of Science and Technology, Law Practice Management Section and the ABA Center for Continuing Legal Education explored data security through various case studies. Although a lack of statistics regarding information security in law firms makes it difficult to pinpoint surefire solutions, the expert panel provided suggestions that can help firms reduce the vulnerability of their confidential information.

Protecting a client's confidential information can include steps as simple as resetting default passwords on newly purchased hardware and software. People often fail to change passwords and other factory-set settings, leading to a critical oversight, according to John W. Simek, vice president of Sensei Enterprises and certified forensic technologist. He also suggests regularly updating a firm's computer system with security patches, which are usually available for download at the manufacturer's Web site.

Providing firm employees with proper training is another critical step that is often overlooked as well. Without training, employees are more likely to trust e-mail messages, going so far as to click links provided in unidentified e-mails. Employees who lack training in technology issues are also likely to visit Web sites that are not secure, increasing the likelihood of outsiders gaining unwanted access to confidential files.

While changing passwords and providing training for employees can help to decrease the likelihood of a security breach, firms additionally should be aware of disgruntled employees, who can pose the biggest threat. These employees can cause irreparable damage, particularly when they leave the firm, by accessing proprietary information, or possibly damaging files or releasing confidential data. Firms need to maintain a secure access to information to avoid this type of situation.

With recent Privacy Rights Clearinghouse reports that estimate more than 100 million compromised records, law firms need to take action. For more information on the tips provided during this teleconference, click here.

Eye on Ethics-
Forming Partnerships With Foreign Lawyers

Q & A

Q&A on Second Season of Service initiative

Around the ABA

New committee in Section of Dispute Resolution to offer ethical advisory guidance

Striking out on your own shouldn't mean striking out

Protecting your own assets —understanding the anatomy of a malpractice claim

One-stop shopping for resources in finance, marketing, practice and technology

Information security for law firms

Taking your law firm public—the future of international legal business

Bankruptcy law transforms lawyers from advocates to detectives

Litigation posts conference materials online

TOPICS A-Z WEB STORE ABA CALENDAR CONTACT ABA

AMERICAN BAR ASSOCIATION | 321 NORTH CLARK STREET | CHICAGO ILLINOIS 60654
ABA Copyright Statement ABA Privacy Statement