The Security Investment
While cyber security threats are hardly new (McAfee and Norton were both formed some 20 years ago), a quick look at the tech headlines indicates security and privacy issues on the web have only worsened. A couple weeks back, a disconcerting Facebook glitch exposed many users’ private chats to other Facebook users. Google is getting serious heat in Europe and at home for inadvertently collecting citizens’ data from unsecured Wi-Fi networks while capturing pictures for Google Earth. Meanwhile, AT&T recently apologized for a security hole that exposed over one hundred thousand Apple iPad users’ email addresses, including many government officials. More recently, the Tuesday pre-sale of the iPhone 4 clogged both Apple and AT&T’s online stores, while some AT&T customers claim they were able to access other customers’ accounts, exposing private data such as account details and credit card info.
Meanwhile, the proliferation of the social web (e.g. LinkedIn, Twitter) has raised countless new privacy concerns, many of which present serious challenges for law firms. This past spring, Facebook rolled out Community Pages (wiki-like public info pages), which the social networking site automatically generates based on users’ listed jobs, hobbies, and interests. These pages are different from typical company pages because the company, or law firm, didn’t create it. These Community Pages have generated embarrassing press for firms, undoubtedly forcing many to create or tighten the firm’s ‘social media policy’.
While these privacy issues are serious, law offices of all sizes must also deal with security issues that are often expensive to prevent and far more complex. Because of their size and industry, large tech companies like Google and Facebook shoulder a huge responsibility to protect users’ privacy. But while an individual law firm’s security snafu may not make the WSJ’s headlines, it could be just as costly. In a recent interview by Tom Field, Brian Hengesbaugh, a partner with Baker & McKenzie, said this regarding the cost of law firm security breaches:
“It’s a very big dollar value issue. The Ponemon Institute estimates that the cost of the data security breach is around $204 per record, which translates to about $6.65 million per incident, itself. So, real money, and not just liability issues, but reputational issues for companies.”
Despite these costs, many professionals wind up sweeping their concerns under the rug. Erin Coe of Law360.com writes about the many security issues facing law firms today in her informative article, Data Security Takes A Backseat At Law Firms.
“While it may be a no-brainer for some, many firms of all sizes have been slow to ramp up their security measures and are leaving themselves open to attacks, according to experts…As service organizations, law firms have not placed the same premium on their internal systems as have Fortune 100 and 500 companies.”
The result is that law firms, holding confidential information concerning their clients, are targeted instead of their clients. While this sort of deliberate attack is mostly a concern for firms with high profile clients, any attorney’s professional reputation rests in part on their ability to keep private information secure. What can you do? A great resource for security info for smaller offices is staysafeonline.org. Here’s a list of basic best practices that will go a long way in protecting your computer, at home and at work.
-Update anti-virus and anti-spyware protection (look for an automatic update option).
-Stay on top of security patches.
-Turn on your operating system’s firewall, or get another one online. Update it regularly.
-Use a strict spam filter. Even then, use discretion opening attachments. Never open an attachment from an address you don’t recognize.
-Never follow a link to submit personal info to a company. If you need to fill out a form, type the URL in yourself, so you know the website is legitimate.
-Regularly run Google Image searches for your company name to check for fraudulent imitations. If someone is trying to scam your clients with a fake website, chances are they’re using your logo.
These are necessary precautions. Larger firms must invest in smart IT people to teach employees about security issues, configure proper server settings, update firewalls, and use data encryption software. Fortunately, there’s plenty of information available for professionals looking to bring their system’s security up to par with their personnel’s trustworthiness. While often costly, security is an essential piece to keeping your practice profitable and competitive in the future.