Nearly nine in 10 Canadian lawyers plan to increase cybersecurity resources within their firms in order to keep sensitive data safe from breaches, which is a growing concern for the profession in 2019, show recent statistics.
Robert Half Legal conducted a survey asking more than 150 full-time lawyers in Canada if their law firm plans to “increase or decrease its budget on cybersecurity-related tools and services in the next 12 months,” and 87 per cent of those surveyed say they plan to either slightly or significantly increase these resources.
“Considering the high volume of personal and sensitive information they maintain, law firms and law departments recognize they are a particular target for cyberattacks,” says lawyer Charles Volkert, senior district president at Robert Half Legal. “In the wrong hands, this valuable and confidential information could prove costly to any organization and cause irreparable damage to their brand and reputation, not to mention the fact that if a law firm loses a client’s confidential data to an attack, it could face serious legal and ethics violations as well.”
The report found that 34 per cent of lawyers plan to significantly increase their budget on cybersecurity-related tools and services, 53 per cent say the budget will somewhat increase, 11 per cent say it’ll neither increase nor decrease, zero per cent say it’ll decrease and two per cent say they don’t know.
In the similar 2017 version of the survey, only 35 per cent of lawyers had answered that they were looking to increase cybersecurity budgets and measures — that’s roughly 52 per cent fewer respondents than what’s currently reported.
Cybersecurity resources are both human-based and technology-based. For instance, a firm might hire extra IT staff and cybersecurity consulting experts to assist in this area, as well as providing staff with cyber-awareness training as a learning opportunity. Additionally, firewalls, threat-monitoring and detection, ongoing security assessments and encrypted email transmission are some technological defences to prevent data breaches.
It’s imperative that firms work closely with IT departments and other consultants, in conjunction to having tech-based solutions, he says.
At Torkin Manes LLP in Toronto, partner Lisa Lifshitz says the firm’s clients demand bolstered security, given that lawyers are often the targets of data breaches due to the confidential nature of their work.
“In my mind, [cybersecurity] is part of doing business in 2019,” says Lifshitz.
Ensuring external vendors secure their data is top of mind at her firm. She says it’s the firm’s responsibility that the external vendors used are cognizant of cybersecurity threats and that the products and services Torkin Manes procures have the required protections. This due diligence is sought by clients, and it ultimately impacts the firm’s bottom line.
By law, firms cross-country are subject to the Canadian privacy regime, including the Personal Information Protection and Electronic Documents Act. The push for these protections might also come from other global efforts, such as the European Union’s General Data Protection Regulation or the California Consumer Privacy Act, which are examples of laws placing onus on companies to protect consumers’ personal information.
“Legal organizations are required to take stewardship to maintain GDPR compliance, ensure appropriate collection, processing, storage and sharing of data during eDiscovery, develop and monitor policies, practices and systems for ongoing confidentiality, integrity, availability plus resiliency,” says Volkert.
In-house counsel also play a “critical and expanding” role in maintaining these standards for their organizations,” he adds. They need to monitor ongoing legal compliance within the company, with departments such as human resources, marketing, IT/security/privacy and other business specialists to optimize the security of sensitive data, and brace themselves for potential attacks.
Although the survey suggests few to no firms refuse to adopt cybersecurity measures, Lifshitz says some reluctance might be present for smaller firms or those who don’t possess the budget for digital protections.
Data breaches cost firms enormous amounts of money (such as when an associate at Dentons Canada LLP mistakenly transferred $2.5 million in a phishing scam); however, smaller operations might not always be able to afford the protections to prevent data breaches or scams from occurring. Perhaps, for more lawyers who are of the old-school mentality, cybersecurity isn’t top of mind — but she says it should be.
“You certainly can’t pick up a newspaper or read news online without reading about a massive data breach or concerns caused by viruses. You can’t help but see stories around this,” says Lifshitz. “There’s a question of connecting the dots to your organization and your clients.”