How Does our Security Measure Up?

  • April 01, 2016
  • David J. Bilinsky

Looking at the numbers

ABC
Easy as 1-2-3
Or simple as
Do re mi...

- Music, Lyrics and recorded by: A. Mizell, B. Gordy Jr, D Richards,
D Lussier, F Perren, recorded by the Jackson 5

David BilinskyIt is always informative to check yourself against a benchmark to see how you are doing. The American Bar Association has been conducting the Legal Technology Survey for many years. In 2015, they sampled 90,000 lawyers in total, divided between six questionnaires. Demographics: 30% of the lawyers are solos, 30% at firms 2-9 lawyers, 16% at firms 10-49, 7% at firms 50-99, 9% were at firms 100-499 and 9% 500+. This is a look at a few of the stats pulled from the 2015 Survey. While the results are American, I know of no equivalent Canadian survey, I believe they are very useful given the broad sample base and believe they would be similar to results obtained in Canada.

In terms of legal tech, on average, respondents spent $4,673 per lawyer on law firm software, compared with $4,497 in 2014, $4,650 in 2013, and $4,203 in 2012. Thirteen per cent report annually spending $10,000 or more.

Respondents are asked what percentage of their law firm’s IT (information technology) function (e.g., maintenance, administration, infrastructure, resolving computer problems) does their firm outsource. On average, respondents’ firms outsource 46% of their IT function, compared with 49% in 2014, 51% in 2013, and 45% in 2012.

Considering the number of viruses and threats to IT systems, it is very interesting to look at the security and tools in place at firms. Forty-two per cent reported being infected with a virus, spyware or malware. Twenty-three per cent said they didn’t know. Forty-seven per cent did not have a security breach incident response plan in place.

Seventeen per cent stated that they had experienced a natural or man-made disaster such as a fire or flood.

Yet, when it comes to protecting the firm, the results are surprising. Encryption is in use at 41% of the firms; a Firewall (hardware) in 52%, Virus scanning (network) in 61%, Virus scanning (email) 68%, Anti-spyware 78%, Firewall (software) 79% and spam filtering in 87%. Mandatory passwords use is only 65%. It is simply unbelievable that these numbers are not much closer to 100%.

Eight-one per cent of firms allow BYOD [bring your own device] with only 52% having access restrictions; 29% have no restrictions at all when connecting a personal device to the office network.

Not surprisingly, 15% of respondents report that they have experienced a security breach at their firm; 23% said they didn’t know. Of those who have experienced a breach, 30% reported downtime/loss of billable hours, 29% reported replacing hardware or software, 22% paid consultant fees for repairs and 18% had resultant destruction or loss of files. Seven per cent experienced unauthorized access. Only 5% of respondents notified clients of the breach. Forty-nine per cent of respondents stated that they had a disaster recovery plan/business continuity plan in place. On the good news front, less than 1% of respondents stated that their firms didn’t back up their computer files in one way or another. However, 13% only backed them up weekly, 5% monthly and 2% quarterly.

The numbers tell a story; in this case it is that we could be doing a lot more to protect those valuable office systems and the confidential client and sensitive office data therein. Its as easy as 1-2-3.

The full survey of six volumes: Technology Basics & Security, Law Office Technology, Litigation and Courtroom Technology, Web and Communications Technology, Online Research and Mobile Lawyers can be bought individual or as a set from: lawtechnology.org.

___________________________________________________________________________________________

The views expressed herein are strictly those of David Bilinsky and do not reflect the opinions of the Law Society of British Columbia, CBABC, or their respective members. 

David J. Bilinsky is the Practice Management Advisor for the Law Society of British Columbia.
Email: daveb@lsbc.org
Blog: thoughtfullaw.com