Every industry is facing unprecedented cybersecurity threats, from consumer brands and banks to government organizations and, yes, the legal industry. Law firms have access to large amounts of private and valuable client data, whether the clients are individuals or corporations, and hackers want to get their hands on it. It is critical that legal firms think seriously about their individual information security practices, as well as begin to examine the state of information security in the profession as a whole.
In a recent survey of 150 legal firms conducted by my firm, Digital Defense Inc., and the International Legal Technology Association examining the legal industry’s information security practices, it was revealed that “careless employees” was the No. 1 cybersecurity concern for legal firms by a wide margin, beating out malware, hackers/malicious actors and unpatched software/devices. Legal firms are smart to be worried about the risks their employees can pose, usually unintentionally, to the firm’s security.