Law firms anxious around hacking threats, report finds

With a big focus on the Ashley Madison hack, law firms are showing increased anxiety around external threats to their computer systems, a new report has found.

Perceived greatest security threats (Source: Digital Defense)The report, prepared by Digital Defense Inc. as the International Legal Technology Association conference gets underway in Las Vegas this week, examines the North American legal industry’s information security practices. While the focus is largely on the United States, the more than 150 firms that participated also included responses from Canada.

“I think they’re very applicable to the Canadian market as well,” says Meg Grant, a vice president of Digital Defense, of the study’s findings. Her company provides businesses with security software and consulting services.

According to the report, external threats such as hackers have replaced malware as the biggest perceived security threat. As for law firms’ top information security concerns, they range from employee negligence to phishing attacks and viruses.

Despite the concerns, the study found 65 per cent of the law firms that participated have no staff devoted to information security, with 31 per cent of them reporting budgets for the issue in the range of $10,000 to $50,000. The study covered a range of law firm sizes with 36 per cent of them employing less than 150 people.

In terms of law firms’ actions to deal with security threats, the study noted a couple of areas of concern. The biggest is around vendor management, in particular the lack of an evaluation process. According to the study, 63 per cent of respondents don’t use a vendor evaluation process.

The most concerning threats including the top three: 1. employee negligence, 2. phishing/sishing, and 3. virus, worm, and malware threats. (Source: Digital Defense)“A lot of breaches are a result of phishing attacks not only on employees but on third-party contractors,” says Grant.

“I would say that would be something that firms would really want to evaluate,” she adds, citing the need to ensure vendors meet criteria around issues such as access to law firms’ networks and information.

When it comes to firms’ responses to security threats, the most common one is information security training for employees followed by encryption and intrusion detection.

“That’s a positive trend because that’s a big target for hackers,” says Grant of the vulnerabilities around employees.

Firms commonly conduct such training once a year or when hiring new employees. A further 11 per cent of respondents have no training programs around information security.

While the Ashley Madison hack is the big issue of the day, of course, Canadian law firms have suffered significant breaches in the past. In April 2011, hackers attempting to access sensitive documents targeted four Canadian law firms by posing as partners who were working on an acquisition of a Chinese company.

Overall, Grant says she has seen some improvements in law firms’ responses to the issue but notes what’s key is dealing with the issue on a regular basis.

“You have to have a program in place,” she says.

Free newsletter

The Canadian Legal Newswire is a FREE weekly newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered every two weeks, providing targeted news and information of interest to in-house counsel.

Please complete the form below to receive the weekly Canadian Legal Newswire and/or the Canadian Inhouse Legal Newswire.

Recent articles & video

Daphne Dumont to receive CBA’s Cecilia I. Johnstone award

Quebec taking harsh line on cannabis edibles

Will the conversation catalyzed by the Law Society of Ontario mean the end of articling?

Copyright law: set for an overhaul?

Corporate Counsel Survey 2019 closes on Monday, Aug 26

When Legal Aid is a political prop, Access to justice suffers

Most Read Articles

Canadian Judicial Council seeks leave to SCC in Girouard case

The Ontario government is destroying university legal clinics

Quebec taking harsh line on cannabis edibles

Will the conversation catalyzed by the Law Society of Ontario mean the end of articling?