37% of law firms breached reported a loss in billable hours.
28% incurred hefty fees for correction.
22% reported costs associated with replacement of office hardware/software.
Source: "Law Firm Data Breaches,” National Law Review, 2017
As the legal industry modernizes and improves client experience with digital tools, it’s vital that your firm’s information security practices keep up. To keep your clients safe from a data breach, your employees must understand how to collect, store, handle and destroy confidential information in an increasingly digital environment.
Client privacy and confidentiality is a pillar of the legal profession— but your employees can still make mistakes.
1. Train early and often.
Don’t wait until a data breach happens to start training. Teach employees early on that everyone in the firm is responsible for protecting confidential data — including them. Arm associates with practical tips and real-world examples to help them practice good habits that keep confidential data safe.
2. Say no to negligence.
The more employees your firm has, the higher the risk that someone will be negligent with confidential data — or even purposely cause a data breach. Teach your employees how to identify negligent, unethical or malicious behavior and empower them to take the necessary action if they feel that confidential client data may be at risk.
3. Prioritize security outside the office.
Lost or stolen laptops are one of the most frequent causes of law firm data breaches. Ensure your firm has a policy for remote and mobile workers that addresses how to protect data while traveling or while working on unsecured networks. Include a security policy for employees who use their own smartphones, laptops or tablets for work.
4. Remember - Less is more (secure).
Law firms are a goldmine for potential data thieves. Firms house physical and digital data on both clients and their business, but also potentially large amounts of personal information on witnesses in litigation. Conduct regular and consistent clean-outs to properly store and destroy outdated paper documents and hardware containing data.
5. Be transparent.
A law firm is built on its reputation. One of the easiest ways to enhance your reputation is to establish simple and consistent protocols for handling client data, whether confidential or not. Explaining your email retention and incident response protocols, for example, demonstrates to clients that you always prioritize the safety of their information.