When you work with a lawyer (or a financial advisor or accountant, for that matter), you almost certainly hand over a lot of confidential information. It may include things like account numbers, birth dates, your social security number, family members’ names — in short, everything necessary to steal your identity.
This could be a problem.
Above the Law’s Joe Patrice called law firms, “the soft underbelly of American cyber security.” At this year’s LegalTech conference, FBI computer security expert Mary Galligan said that “hundreds of law firms” are being targeted by hackers. Giving confidential to your lawyer could be a big problem, in other words.
Something like half the lawyers in the United States work in solo or small firms. One of the hallmarks of solo and small firms is low overhead, which means no money for an IT department. These lawyers have to manage data security themselves, and few are competent to do so. Smart solos and small firms find ways to outsource security to contractors or by using secure cloud services. Due to confusion about the cloud and lack of knowledge about security, though, many lawyers don’t actually do anything beyond setting an operating system password — which, let’s be honest, is woefully insufficient.
I think it is time for clients to start taking an interest in data security. You don’t need to be a security expert yourself to find out if your lawyer, financial advisor, or accountant has basic competence. All you need to do is ask a simple question.
Just ask your lawyer, financial planner, or accountant how their client data is secured.
If their answer is some version of “I don’t know,” confusion, or something non-responsive, find someone else. If their answer indicates they have actually considered security and have made some conscious choices, you are probably in much better shape than most clients.
There are a lot of different ways to secure client information, and many levels of security. If you have some data security expertise, definitely use your knowledge to make sure you are comfortable with your lawyer’s security precautions. Otherwise, ask a few questions to see if your lawyer has even considered data security.