Did you hear that EquiFax recently experienced a data breach that affected millions of Americans?
Of course you did! You’d have to be living under a rock to have not heard about it. And, as we all know, chances are you were personally affected. Especially since the latest news reports state that the breach affected 2.5 million more Americans than originally thought, bringing the total to over 145 million.
Of course, the EquiFax breach is a little bit dramatic - it is the largest data breach in history. However, breaches like this happen every day. In fact, they happen constantly. Check out this awesome, yet startling, infographic from IT Security Central that shows you how many records are being stolen as you go about your day.
As you may be dealing with the EquiFax fallout as a consumer, it’s also important to turn your attention to your firm. Could your firm be next? Absolutely. It could. While there is no fail-proof way of preventing a data breach, there are many steps you can take to protect your firm. After all, in Equifax’s case, it appears that simply running a patch for an open vulnerability could have prevented this event.
Think about it - your firm’s data is quite lucrative. Think of your major corporate clients and the deals and transactions that they partake in. This is appealing information for cybercriminals. Savvier than ever, many cyberthieves have identified law firms as an easy place to access the data that they are looking for. After all, many corporations have much stricter security protocols and larger teams to manage them than the firms that they work with. Are you nodding your head? Has it happened to you or someone you know in the industry? According to a recent article published by the American Bar Association citing ABA's 2016 Legal Technology Survey Report, “More than one quarter of firms with more than 500 lawyers admitted they experienced some type of breach. Approximately 40 percent of those firms reported significant resulting business downtime and loss of billable hours, and approximately 25 percent recounted hefty fees to correct the problems. About one in six also reported loss of important files and information.”
It’s happening in part due to the type of information held by law firms mentioned above and in part to inadequate security protection. While you can’t control the former, you can control the latter if you look at what happened with EquiFax as well as the prevalence of data breaches within the legal industry, you should be doing everything you can to protect your firm. Failing to address security with the utmost concern will leave your firm vulnerable.
Not only is it an ethical obligation to protect your clients’ data, but failing to implement the highest security standards can leave your firm subject to lawsuits and client attrition. Nothing good comes from failing to plan and take the necessary actions. Speaking “necessary actions,” I’d be remiss if I were to fail to mention that the key reason that EquiFax is subject to so many lawsuits as a result of this breach is that they failed to notify those affected right away. Notification is a key component of any data leak. Prevention is one thing, but once a breach happens, you need to know which action to take and follow-through with proper notification of affected parties. Do you wish to avoid that uncomfortable conversation with clients? Then again, prevention is your friend.
At Bellefield, security is our top priority. That’s why we never store data that runs through iTimeKeep on mobile devices. This is something that you should consider as you engage with mobile app vendors. If the app you are using or considering stores data locally on a device - run!
So, what can you do? Check out these blog posts on how law firms can protect from a data breach:
If nothing else, the EquiFax breach should be a major wakeup call for all firms to take all steps possible to protect their firms from a data leak.