An incredible series of reports in the last few weeks have exposed the mythology of law firm data security, driving home the truth we have referred to as “The On-Premise Problem.”
First, an article from Bloomberg quotes the the FBI notifying law firms that they are “easier quarry” than corporations.
Second is this shocking – and I mean shocking – post from Forbes.com “Conversations on Cybersecurity” in which senior partners of a firm who had been hacked admit to a security consultant that they had no intention of notifying clients whose data had been stolen.
The partner is quoted as saying:
“Are you crazy? Can you think of a better way to destroy their trust in us than letting them know we had lost every document they gave us under (attorney-client) privilege?”
Finally, this article from LTN’s Evan Koblentz in which a Hacker Points to Weakness in LexisNexis Concordance, the software that is installed in over 90 percent of the AmLaw200 firms. (Big shout out to LTN for the integrity to publish it).
The lawyers I talk to willingly accept technology that is inefficient and difficult to use because they think that it’s at least safe. At the same time, they dismiss cloud-based solutions that are more secure, infinitely more scalable, and many times more accessible because they think somehow it’s less secure. But that is just not the truth.
Security is complicated subject, but the bottom line is that the right cloud provider offers levels of protection no local installation can hope to match. There are numerous bright line security standards – SAS70 Type II, PCI DSS and FISMA to name a few – that have been outlined extensively in this blog. (Check out the Security category here on Frank for an extensive discussion). These are security certifications that no law firm can hope to match.
These articles should puncture the illusion that a law firm can secure its data on a local network. The final straw man argument against the cloud – that on-premise software solutions can somehow protect your data better – has been exposed. Unfortunately, the argument has only resulted in millions of dollars spent on technology that doesn’t work, doesn’t make lawyers more efficient, and doesn’t ultimately further the cause of justice.