Login | January 26, 2020

ABA survey: Lawyers continue to ignore cloud security

Technology for Lawyers

Published: January 3, 2020

Clouds are ephemeral things. They constantly change shape and move fast through their atmosphere. They hardly seem real. But they also come with hurricanes and tornadoes.
Cloud computing, on the other hand, is real. It is also another misnomer in a vast ocean of computing misnomers—and maybe that’s why so many lawyers still refuse to understand what cloud computing is?
The most recent ABA tech report would have us think that lawyers still don’t understand the necessity of securing their data, as only about a third of attorneys who use offsite computing services are “actually taking any one of the specific standard cautionary cybersecurity measures listed in the 2019 Survey question on the topic.”
And that figure is actually down 3 percentage points from 2018. Attorney awareness of cloud computing security is actually getting worse.
Lawyers are way behind the rest of the world in adopting cloud technology anyway, according to the survey. Only about 40 percent of attorneys even use offsite computing. But even those folks still don’t seem to understand the risks involved.
Cloud computing is actually “software as a service.” It’s no different in function than software on an office computer. And, like any software, it can be hacked.
This decrease in security awareness comes in the midst of the ramping up of security awareness in the rest of the world, with GDPR, CCPA, and other laws and civil privacy lawsuits exploding the privacy discussion around the world.
And beyond the new emphases on privacy, attorneys have separate and far more stringent rules on their behavior with confidential client information. Lawyers who leave that information unprotected are subject to multiple actions against them—up to and including losing their licenses.
And yet, statistically, they don’t seem to care much. Do you?
More stats (which I talked about previously): 26 percent of firms reported a breach—but 19 percent of respondents didn’t even know if they had one. Great communication there.
Fewer than a third have incident response plans; a quarter to less than half encrypt; only a third have cybersecurity insurance.
Can anybody explain to me why attorneys are statistically so lazy when it comes to cybersecurity? Is it because clouds seem so harmless? You can encrypt your answers.