For the Defense: Cyberthreats Prompting Firms to Tighten Access to Clients’ Records

November 14, 2014 – In The News
Pittsburgh Business Times

James Singer was quoted in the Pittsburgh Business Times article, “For the Defense: Cyberthreats Prompting Firms to Tighten Access to Clients’ Records.” Full text can be found in the November 14, 2014, issue, but a synopsis is below.

The Pennsylvania Bar Association’s committee on legal ethics issued several opinions to help guide law firms on how to protect clients’ confidential information.

A few steps that law firms can take to guarantee their data remains safe include the use of fire-walls, secure data backups, encryption of confidential information, electronic audit trial procedures that track who is accessing confidential data and training employees who use external access portals on password protection and other security policies.

James Singer, chair of Fox Rothschild’s intellectual property department, explains that word processing programs such as Microsoft Word use meta data to preserve a document’s revision history. The history may include confidential comments and notations not intended for public release that attorneys are responsible for removing before sending to third parties.

Many clients are requiring their lawyers to undergo cybersecurity audits as a condition of receiving work, noted Singer. This is especially common in the financial sector because regulators are pressuring banks to ensure data security.

“The banks are in turn directing that pressure to their vendors – including law firms,” said Signer. “The banks not only require law firms to comply with specific data security procedures, they also are auditing the firms’ compliance with those procedures.”

Singer believes law firms are less likely to have as many large-scale data breaches as consumer-oriented data breaches as consumer oriented companies.

“A reason for this may be that law firms have fewer points of access for hackers,” he noted. “We don’t have point-of-scale credit-card readers, online shopping carts or other consumer-facing portals that can be breached.”

“On the other hand, when it comes to safeguarding confidential information from unauthorized internal access, law firms face many of the same issues that other companies do,” Singer explained. “Just as a consumer-facing business may hold confidential data about thousands of consumers, a large law firm may hold proprietary and sensitive information thousands of its clients.”