From the White House to Congress and from Wall Street to the mom and pop storefront on Main Street, the issue of cybersecurity is one that is here and here to stay. Hacking computers is no longer a “cottage industry” or something done by lone disgruntled individuals or teenagers in their parents’ basement. This is now a criminal endeavor that is highly organized and getting more sophisticated each week. As a recent article (Cyber Situations) in the magazine Best’s Review (April 2013) points out, the new breed of cyber criminals does not discriminate between large and small companies. As long as you have personally identifiable information in your database, whether internal server or cloud based, that information is at risk.
Obviously the best defense is a good offense as the saying goes, including ongoing staff training in the ever evolving cyber threats law firms or other businesses face. There is no easy solution, but a diligent IT department and well-informed C-suite and senior and risk management staff can certainly facilitate the research and deployment of prudent firm data security policies and procedures. But what if a breach does occur?
Cyber liability insurance, while relatively new to the law firm market, is emerging as an important component of a firm’s overall liability coverage. Client data, including social security numbers, credit card and other financial accounts, notes from attorney-client conversations, business transactions, etc., is enticing information that can be sold to illegitimate parties looking to make a quick profit or to exploit persons or businesses. Even the process of completing a law firm cyber insurance application can be enlightening, pointing out potential data security holes in a firm’s database, website, or portable devices such as smartphones, notebooks, and laptops used on the road or in the courtroom.
For perspective on the vulnerability of law firm data, the 2011 International Legal Technology Association (ILTA) Survey (pdf) indicated that 87% of law firms do not encrypt laptops; 61% have no intrusion detection tools; 64% have no intrusion protection tools; and for firms that purchase iPhones and Androids for employees, 94% don’t bother to track them. Not good for an industry that harbors highly sensitive information. And in a separate 2011 study (article), at least 80 major US law firms were hacked in that year.
In this age of not if, but when a cyber breach occurs, law firms need to take the issue of cyber security and cyber liability extremely seriously, no matter if you’re a solo in Des Moines or a C-suite partner in Los Angeles.
Please take some time to check out the Cyber Resources page on the ALPS Protection Plus website and contact us with any questions you may have about cyber coverage for your firm.
Kiffin Hope+ is the Social Media Community Manager for ALPS. He runs the ALPS 411 law blog, working with contributors from around the country. His posts cover tech, cyber security threats, and smartphones.