I saw this article while browsing and it brought to mind not only the 'Panama Papers' breach, but the more recent 'Paradise Papers' leak. With a large majority of people and businesses requiring legal representation nowadays, the onus is on law firms to secure data.
A simple folder of harmless transactions, personal or commercial IP, or even evidence of wrongdoing. There are many reasons to protect data, but in the end, it is all about the trust of the client. It is only a matter of time until all high-profile potential clients of law-firms vet their prospective representation for not just their legal credentials, but their cybersecurity protocols as well. This is probably a good thing.
But what can a law firm do? This article does explore a good approach to information security at the workplace - one that can be applied to law firms at all levels. However, most law firms are not DLA Piper, Baker McKenzie or Clifford Chance. Many of these firms are smaller outfits, and need to balance the potential risks with the costs of a new approach to security. It is a difficult choice when you have an IT budget of $500,000 and your upgrades to infrastructure, networking and security will cost you $550,000. But what are the potential losses to the business if a breach occurs?
The loss of custom and revenue is bound to outstrip that by a lot, but the damage to reputation is immeasurable.
Take note of some of the points in the original article and work to address any gaps in security. A robust security plan may even appeal to clients. Additionally, law firms big and small may need to think about cleverly investing in security to match budgets, or even increasing them altogether.
How Law Firms Can Make Information Security a Higher Priority