Today, over 90% of lawyers use smartphones for law-related matters. Law firms have become a prime target for cyber attacks because of the valuable data they possess and their lack of security. A study done by ALM Legal Intelligence reported 22% of law firms do not have an organized plan in place if a data breach were to occur. Hackers have noticed that law firms are vulnerable in this area. Legalitprofessionals.com says for this reason, many law firms are now focusing on mobile security.
With the heavy use of mobile devices for work, more lawyers are working away from an office. Over a third of lawyers work from home or in a shared space. For lawyers that do work in a traditional office setting, 77% of them take work home and often work when they travel. The majority of firms simply do not have the necessary security precautions in place for remote work.
What’s at Risk?
The use of mobile devices in business produces client confidentiality risks for law firms. The American Bar Association (ABA) clearly states client confidentiality applies to all relevant technology in Article 1.1 Comment 8 on Maintaining Competence. Lawyers have the responsibility of keeping up-to-date on safeguarding their technology, implores Sarah Anne Hook, M.B.A. J.D. in her Legal Ethics Update on Mobile Device Use and Client Confidently. Client confidentiality on mobile devices is an ethical duty and should not be taken lightly.
What are The Top Threats to Law Firms?
- Loss or theft. Lawyers need to be reminded to be alert and be responsible for their devices.
- Data configuration. A study referenced by Legal IT Professionals named outdated software as one of the largest device configuration issues.
- Accessing email on public WiFi and phishing scams are easy traps to fall into. 59% of emails to law firms are marked as phishing/SPAM emails, reports Shred-it.
What Can Lawyers Do to Protect Themselves and the Firm?
Having a mobile policy and safeguards in place will exponentially decrease risk of a breach. Only 42% of ABA survey respondents have a written policy on mobile device usage at their firms. Regular employee training on security threats and how to prevent them is recommended.
Firms should implement a filtering software and train employees on how to spot phishing/SPAM emails. Lawyers need to be reminded to be cautious with client-sensitive information when using email on public WiFi. Downloading email files could contain malware.
New devices should be secured with proper setup. When selecting apps and installing applications, don’t give permissions unless necessary, especially for Android. Mobile devices can also be protected with encryption software that is available for both Apple OS X and Windows. Also, regularly keep the operating system updated whenever updates are available.
Law firms should look for technology partners to assist them in protecting their data. Having a technology partner will bring peace of mind to law firms that are concerned about data breach implications.
We live in a mobile world, therefore, cyber security must be top of mind. Hackers are constantly looking for companies with valuable data and low defenses. Lawyers and firms have a duty to protect client confidentiality, and the use of mobile devices (whether in or out of the office) is no exception. Law firms need to make mobile policy and cyber security a priority. Employee education and engaging a technology partner are the best ways to prevent a potential threat from occurring.