Law firms, more than other business entities, are prime targets of computer-system penetration. Law firms have access to their clients’ personal information, including heavily regulated information like health and financial information. In many instances, law firms themselves are considered associated entities as typically defined under certain data/cyber laws. Unfortunately, the operation of law firms, like many professional enterprises, is often not managed as closely or efficiently as other businesses where management is not also a direct source of revenue (the billable hour). Information technology security is often not reported as serious a concern for law firm management as, say, the maximization of associate billable hours or marketing for new clients. Read more on Cyber-Risk!
