Viruses are More Common at Law Firms than Encryption, ABA Survey Shows

Security Tools Used

Nearly half of law firms were infected with viruses, spyware or malware last year, according to the latest ABA Legal Technology Survey Report. At the same time, only a quarter of law firms had any kind of email encryption available for their lawyers to use, the survey found.

Also, 14% of law firms experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.

Taken together, these findings paint a sorry picture about the state of law firm security: Viruses are common; encryption is not.

Firms with virus

In the survey, 45% of respondents said that their law firm technology had been infected with a virus, spyware or malware. That was more or less the same as the two prior years (43% in 2013 and 44% in 2012) and down from 55% in 2011. Firms of 2-9 attorneys were most likely to have had a virus (51%), while firms of 500 or more attorneys were least likely (31%). Another 28% of respondents could not say whether their firm had been infected.

On the bright side, of those who reported an infection, 48% said it resulted in no business losses or breaches. The most common negative results from virus infections were downtime/loss of billable hours (42%), consulting fees for repair (37%), and temporary loss of network access (25%).

Only 6% said the virus resulted in the destruction or loss of files and less than 1% said it resulted in unauthorized access to non-client sensitive data.

Regarding email encryption, just 25% of law firms have it available, according to the survey. It is more commonly used at larger firms and least likely to be used at solo and small firms.

However, among lawyers who affirmatively say they use email to send privileged or confidential communications, the use of email encryption is slightly higher — 35%. By far, the most common “security precaution” taken by lawyers who send privileged emails is to insert a confidentiality statement in the email. Seventy-three percent of lawyers rely on these statements to protect email confidentiality.

Security Breach

As for security breaches, they were most common at firms of 10-49 lawyers (19%) and 500 or more lawyers (17%). Among solos, just 12% reported a security breach.

For the most part, these breaches resulted in no business disruption or loss, although 26% said the breach caused downtime and loss of billable hours. Eight percent of the breaches caused the destruction or loss of files, but just 1% said it resulted in unauthorized access to sensitive client data. In 5% of the cases, the firms notified clients of the breach.

Some other interesting findings pertaining to law firm security:

  • 56% of respondents said their firm has a disaster recovery or business continuity plan, while 21% did not know whether their firm had such a plan.
  • The most common form of data back-up is an external hard drive, followed by offsite backup and online backup. Some 10% of firms use USB drives for back-up and 6% use CDs.
  • Half of all firms back up their computer files daily. Another 15% back up more than once a day.

About the Survey

The Legal Technology Survey Report is edited by Joshua Poje, director of theLegal Technology Resource Center.  It is published in six volumes. Each volume can be purchased for $350 or, for ABA members, $300. The volumes are:

combined edition can be purchased for $1,800 or, for ABA members, $1,550.