Risk Update

Information Risk — Clouds, Information Security, Client Concerns & Law Firm Data Breaches

“Pa. Examples Show How Vendor Data Breaches Are Putting Law Firms at Risk” —

  • “While law firms are often considered a weak point in the security of corporations’ sensitive information, firms or their employees have frequently suffered potential leaks through their own third-party vendors, according to Law.com’s investigation of law firm data breaches across the country. The breaches that law firms reported to state authorities varied in severity, and some incidents were unrelated to the strength of the law firm’s cyber defenses and didn’t risk or relate to client data.”
  • “The Law.com investigation also revealed that three Pennsylvania firms—Philadelphia-based Blank Rome and Goldberg, Miller & Rubin, as well as Pittsburgh-based Cipriani & Werner—reported breaches, albeit not in Pennsylvania. All three of those incidents involved vendors as the access point.”
  • “At Blank Rome, it was an outside accounting and consulting firm; at Goldberg Miller, it was a vendor contracted to maintain the firm’s electronic files ‘for backup and disaster recovery purposes’; and at Cipriani & Werner, the breach was believed to have originated with an online portal set up by a payroll software vendor.”
  • “Jon Washburn, the chief information security officer at Stoel Rives, said the legal community has become more attuned to the risk of vendor threats, with many firms ramping up their efforts to address third-party risk. Some law firms now require that vendors that access, store, process or transmit confidential information be able to demonstrate through certifications or reports that the vendor has strong controls in place to reduce the risk of a data breach, Washburn said.”

“Lawyers are failing at cybersecurity, says ABA TechReport 2019” —

  • “‘In fact, the results are shocking and reflect little, if any, positive movement in the past year or even in the past few years,’ reads the article on cybersecurity released Wednesday. ‘The lack of effort on security has become a major cause for concern in the profession.’”
  • “Since 2018, the number of respondents reading vendor privacy policies fell from 38% to 28%. While a mere 23% investigated a vendor’s history, even though 94% said vendor reputation mattered when deciding who to contract with.”
  • “Among other findings, the 2019 survey reports that lawyers using cloud-based technology increased slightly, from 55% to 58% since the 2018 report. Only 25% of respondents reported that they are reviewing ethics opinions related to cloud technology. Ironically, the survey indicates that lawyers are tepid about the cloud because of cybersecurity concerns.”