Transforming Law Firm Culture to Ensure Information Security

Lawyers handle some of the most sensitive documents and communications imaginable, and yet law firm culture does not adapt well to the rapid changes in technology that define the world today. American law is built on precedent, where wisdom finds roots in stare decisis, so by nature, the mindset of lawyers is to embrace history for guidance and resist change. But those days are gone. It is time for law firms to transform their culture to ensure information security in a modern age.

Attorneys born prior to 1967 grew up in a time when the words Internet and Internet Protocol (IP) did not exist. Theirs was a paper world driven manually via word processors, copy machines and faxes. They dictated letters and legal briefs that were transcribed by legal secretaries and word processing departments. Documents were hole-punched and fastened into folders and stored in fire-proof metal file cabinets located non-securely throughout the office. Closed files were boxed up and manually delivered to closed storage facilities in some warehouse.

Over the last two decades, everything has changed for lawyers and their firms. The internet, email, smartphones, text messages, and other electronic communications now demand our attention. Ethical requirements and government regulations demand that sensitive information be protected from breaches (hacks) and inadvertent electronic disclosure. Changing the culture of law firms when it comes to information security has less to do with age and generational differences and more to do with acknowledging and accepting the current environment.

In the 2019 world, 6.2 billion people have internet access and two-thirds of the world have mobile-phone connections. Trillions of dollars are transferred online daily, from Swift transfers to PayPal and bitcoin and bank card information being omnipresent. Virtually all confidential client information is stored on hard drives or in clouds and communicated digitally via emails, flash drives, and numerous sharing protocols like Dropbox and Google Docs. As protectors of a free society's confidences, secrets, and intellectual properties, it is time for law firm culture to be transformed so that all lawyers become the technology leaders of the future

Generational differences aside, the ABA, state bar associations, and governmental agencies today demand that all attorneys become knowledgeable in protecting sensitive information. Stare decisis-thinking does not apply to communications in a modern age. Law firms of all sizes must recognize their risks and commit to understanding new and developing technology, as they inexorably impact every aspect of legal business today. No client relation can exist without it. And no law firm can allow itself to be viewed as a dinosaur from a past era.

The drums are beating loudly, by now all lawyers should know that ABA's Rule 1.1 requires a lawyer to be knowledgeable, competent, thorough, and prepared as to cases undertaken. Comment 6 obligates a lawyer “to keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.” Today, over 30 state bar associations have adopted similar requirements, but bar mandate requirements should not drive a law firm's commitment to protect data, firms must incorporate technology competence and information security as part of their brands.

Every week a new data breach impacting millions of users hits the headlines. Facebook's quagmire with Cambridge Analytica on the 2016 elections, Marriott's acquisition of an elite hotel chain whose database came with an undetected mega-virus, and all the retail outlets (Macys, Kmart, Sears, Best Buy, Sax Fifth Avenue) that were viciously hacked in 2018 put law firm clients at the beachhead of the info security battlefield. But how can these companies feel secure in addressing their risks when their legal professionals are viewed as outdated dinosaurs?

To reach the same page as their clients, law firms and lawyers must embrace technology. A culture of minimal adequacy is not the way to forge the future and instill confidence. Though not required by any ABA ethical rules, encryption, differential sharing, differential access, color-coded privilege protection, cradle-to-grave monitoring of private and privileged information all must be incorporated into the fabric of every law firm.

Law firms need holistic security protocols and mindsets addressing security at every level. In a global world connected by the WWW, clients everywhere are using technology to provide products and services worldwide. And law firms are increasingly communicating with clients, experts, freelancers, virtual offices, and employees on an international stage.

The New Year has just arrived. Why not make your number one New Year's resolution the transformation of your law firm's culture to ensure the highest possible level of technological competence and information security?

Christopher C. Combs is the CEO of WindTalker, Inc., the developers of Distributed Sharing software that protects, redacts, and safely shares sensitive and privileged content for the lifecycle of the document. WindTalker's patented technology provides one central place to manage document, data and content security. The company was founded in 2016 and is based in Atlanta, Georgia. Michael Lester is the CTO for WindTalker, Inc. Mike has worked in the Information Systems industry for over 20 years as a consultant, instructor, and author. He has written books and courses on Information Security, Digital Forensics, Encryption, and Penetration Testing, and has taught courses in almost every state in the US, often at military bases.