The Ethics Behind Law Firm Security

In our experiences working with various law firms we have found that most firms choose convenience over security when it comes to protecting their firm data and protecting their client information. An example of this is when everyone in an office has the same password, or passwords are never changed. The problem then lies with the ethical obligation an attorney has to their clients; in fact, there is a direct relationship between ethics and client data protection. What we have found is that due to this misunderstanding, many law firm technology systems lack proper security, their client data is at risk, and they are not living up to their ethical obligations to their clients. There are a few reasons for this, some have to do with a lack of information, others have to do with plain negligence and simply being cheap while still others are not the attorneys fault at all, they are the fault of the IT professional managing the network.

In the case of misinformation, this can be very easily understood. Attorneys are not all tech savvy, they know the law and that’s what they do. Everyone may know the fundamentals of computers and network protection, but it takes more than those fundamentals to protect client data in a law firm scenario. In this case, a firm must rely on an IT professional to not only put in place adequate protection, but explain why it is needed to firm management because again, they are not as tech savvy, and frankly, they should know why they need to spend X amount of dollars on their technology. At this point, the ball is in the IT professional’s court. Hopefully, they know what to do in order to ensure the integrity of all firm data, stopping outside attacks, inside espionage, and maintaining policies and procedures that help the firm grow instead of leaving it open for attack, lawsuit, or malpractice. This is why it’s always a good idea to work with an IT service that knows the legal industry and can offer law firm references.

Often the problem is that attorneys are working and billing, and are not focused on their data protection. In a perfect world, law firms create these policies at their firm’s inception and stick with them forever. We have a few clients who were lucky enough to find us from the birth of their firms, putting policies in place in the beginning. But we also have law firms who have gone years without any policies, disaster strikes, they lose client data, and are forced to spend funds on IT out of desperation instead of planning. Unfortunately these firms don’t understand the benefits organized IT can offer. You can’t blame these law firms, people generally buy a security system after a break-in and we assume law firms have that same mentality about spending on IT.

The ultimate idea is a proactive approach to law firm security. Productivity upholds ethical standards between client and attorney data as well as ensures the future of your law firm.