These results from the 2018 ABA Legal Technology Survey are not at all good, given how much information is lying around law firms these days.
“Less than half of the responding firms have the following policies or plans that are important facets of a law firm’s security posture: computer acceptable use policy (41%); remote access policy (37%); personal technology use/BYOD policy (21%); incident response plan (25%); disaster recovery / business continuity plan (40%).
Only 53% of the firms have a formal policy or process to manage retention of data held by the firm, and as of 2017, only 40% have an official records retention schedule.
31% of the firms allow personal mobile devices (tablets, laptops, smartphones) to access the firm’s network without any restrictions.
Only 46% of the firms have file encryption tools, only 38% have email encryption capabilities, and only 24% have full disk encryption.”
As the post below points out, firms are a treasure trove of information. Not only do they have much of the same personal, private information that every other employer has, they have the private information of their clients too.
If anyone should be ahead of the security curve, instead of behind it, that would be law firms.
Alas, this is not the case, and that is a huge part of the reason for legal departments to look at bringing eDiscovery in-house. Why send your data to some place like this?