|Commentary authored by Stroz Friedberg Digital Forensics Expert Erin Nealy Cox and published in the Texas Lawyer Newspaper |
Spot the Iceberg With the Right Question
|September 3, 2012 11:59 pm|
There's one more question a general counsel must ask propective outside counsel: "Tell me a little about how your firm secures your network and the confidential information that we'll be sharing with your lawyers."
Lots of firms try to sell their services to general counsel. Let's say the GC is talking with a global mergers-and-acquisitions practice group leader who's pitching his firm. All his answers to questions about transaction philosophies, fee structures and contingencies make sense.
There's one more question the GC must ask: "Tell me a little about how your firm secures your network and the confidential information that we'll be sharing with your lawyers." That's the moment when a firm will reveal itself to be a potential lifeboat or an iceberg.
Firms are a ripe target for hackers. Why? Firms are massive repositories of confidential and proprietary information, and they are not exactly Fort Knox when it comes to their networks. Targeting firms is not a new idea. Going back to Nov. 17, 2009, the FBI's website published a warning, "Spear Phishing E-mails Target U.S. Law Firms and Public Relations Firms."
The appeal of the firm to hackers might be due to the fact that firms are run by lawyers who aren't, as a group, extremely tech-savvy. Or maybe it's because firms haven't seen a need to devote the resources to the issue.
If a GC does not want to see her company's sensitive information exposed, she must ensure her outside counsel take reasonable precautions. While firms have been hacked, the public has not seen the kind of embarrassing data breach at a firm that causes real economic and lasting reputation damage. But like it or not, that incident is coming.
Firms that are serious about client service need to ditch the cavalier attitude about computer network security and button up their network to protect against the very real threat of hacking. A GC's due diligence should include hard questions about whether outside counsel are ahead or behind the curve.
Copyright. ALM Media Properties, LLC.
Send this page to a friend