You’d think, among all types of businesses, that law firms would be at the front of the pack in having a data security policy. After all, law firms regularly tell their clients how important it is to have effective policies in place for legal compliance and risk management. And law firms certainly possess large volumes of valuable data, such as confidential client information and individual’s personal data, and are subject to a daunting array of security threats. But as the saying goes, all too often the cobbler’s kids have no shoes.
How shoeless? Results from the 2017 ABA Legal Technology Survey are grim. Less than half of the responding law firms have the following policies and plans, which are crucial to a firm’s security posture:
- computer acceptable use policy (48%);
- remote access policy (45%);
- disaster recovery/business continuity plan (42%)
- incident response plan (26%); and
- personal technology use/BYOD policy (24%).
This is astounding, especially given the compelling reasons for law firms to put data security policies in place.