This past May, a survey of more than 2,100 companies worldwide, released by Symantec Corporation, found that 73% of small and midsized companies experienced a cyber attack in the past year, and that 30% of the attacks were â€œsomewhat/extremely effective.â€ According to the Chubb 2010 Private Company Risk Survey, only one-third of private companies surveyed have response plans in place for electronic security breaches, while a relatively small number are developing such a plan. These statistics highlight the need for firms to protect themselves against data breaches.
For law firms in particular, three data risks stand out as the most critical in today’s environment: data vulnerability, loss of client data, and loss of employee property.
The newest risk is from hackers tampering with electronic data. While most law firms focus on cash flow and have controls in place regarding firewalls, cyber criminals attempt to remain one step ahead. Recent news reports highlighted incidents of law firms being hacked by foreign nationals.
Loss of client data can threaten the vital fiduciary relationship between law firms and their clients. Moreover, loss of a law firm’s client’s data introduces an entirely new realm of exposures beyond malpractice and into first party expense.
Interestingly, the most common cause of a data breach results from some of the seemingly most innocuous scenarios: loss of employee property, such as a laptop computer or smartphone. For attorneys who travel frequently and work long hours, laptops, smartphones and flash drives are immensely valuable tools â€“ but in the wrong hands, they can create a cyber nightmare for a law firm.
Below are some tips for handling laptops, smartphones or flash drives in order to guard legal professionals against data theft due to lost or stolen data storage devices:
- Never leave devices or computers inside a car. While this may seem like basic advice, many laptops and smartphones are easily stolen from unlocked vehicles. Carry the items with you, but if you cannot, locking them in the trunk is safer than leaving them on the back seat.
- Pay attention at airport security lanes. Try to wait for any backlog to clear at the end of the conveyor belt where people gather to collect their belongings.
- Don’t leave unattended items in a hotel room. Smaller laptops may fit inside in-room safes, or the front desk staff can store computers or devices in the hotel safe.
- Public working areas such as coffee shops or airports can also be promising venues for thieves. A helpful step is attaching your laptop to something strong, such as a table leg or a radiator with a cable lock.
- Password protect your device and encrypt the data. Should your device be lost or stolen, it will be much more difficult for someone with malicious intent to access clients'(and clients’ clients’) data.
This post by Jim Rhyner, worldwide lawyers professional liability insurance product manager, Chubb Group of Insurance Companies, is one of a continuing series of guest posts on CounseltoCounsel. Special thanks to Jim for his continued contributions.