Login | January 23, 2021

Latest ABA tech report shows lawyers still don’t understand even basic cybersecurity

Technology for Lawyers

Published: December 4, 2020

Almost a year into the Work From Home (WFH) forced phenomena, and the annual ABA survey of attorney technology shows that more than half of you are not taking even the most basic security precautions.
Because, of course, lawyers are smarter than anyone, right? You can all simply bend the universe to your will.
I would have more to say, but anyway, according to the American Bar Association’s recent survey, 43% of respondents use file encryption, 39% use email encryption, 26% use whole/full disk encryption.
Other security tools used by less than half of respondents are two-factor authentication (39%), intrusion prevention (29 percent), intrusion detection (29%), remote device management and wiping (28%), device recovery (27%), web filtering (26%), employee monitoring (23%), and biometric login (12%).
And this is after everyone went WFH. You might as well just print and mail your confidential client data to any random thief or hostile foreign national. Or counsel for the other side.
Moving on, the number of firms who purchase cyber liability slightly upticked from about a third to about 38%. However, as a side note, I’m guessing that many smaller firms don’t realize that they get cyber insurance as a benefit of membership in bar associations, and particularly the OSBA. Still, far less than fifty percent of attorneys are aware enough of potential liability that they even have insurance against it.
To further contextualize this, the number of firms reporting a security breach increased from 209—from about a fourth of the firms to nearly a third of them. And also keep in mind that the people who fill out the surveys often respond that they are not enough in the firm security loop to be able to accurately report breaches, etc. For instance, 36% reported a virus infection (no, not that one), while 26% reported that they did not know if they had an infection.
Seventy percent of respondents also said that they did not feel that they experienced any loss of business from any kind of computer security breach. But that isn’t really the point, or the takeaway from this survey. The point is whether or not lawyers are making ethical mistakes that endanger their clients’ confidential information. They are and continue to do so. Shouting into a hurricane here.