Do you want to hear some scary facts? In 2014, 500 million Yahoo users were compromised. In 2016, 57 million Uber customer accounts and profiles were breached, and in 2017, 143 million social security numbers were stolen from Equifax. Breaches to this scale may not happen every day, but smaller ones do. And as the prevalence of cyber threats grow, smaller companies are now being targeted at a much higher rate.
Between January 2015 and December 2016, there was an approximate 2,370% increase in identified exposed losses. Email scans were reported in all 50 states and from 2013-2016, the Internet Crime Complaint Center reported exposed losses of more than $2 billion. As privacy concerns continue to grow, governments are now instituting laws that require companies to report every incident of hacking and data breach.
Let’s take a look at the threats your firm faces, the obligations you have with your clients when you communicate through text, and how to protect yourself while you communicate in today’s day and age.
According to a Legal Technology Survey Report that the American Bar Association released in 2016, more than one-quarter of firms with more than 500 lawyers admitted they experienced some type of breach. Approximately 40% of those firms reported significant resulting business downtime and loss of billable hours. 25% recounted hefty fees to correct the problems and one in six reported loss of important files and information.
Today, 25% of all law firms have been subjected to, or experienced, some form of a data breach involving hackers. Computer-oriented crimes span a wide variety of actions, intentions, and goals, and no company is too large or too small to be affected by a cyberattack.
So why are firms being targeted? Lawyer’s handle very sensitive information for their clients, intellectual property, financial information, and legal strategies, all of which are incredibly valuable for malicious third parties.
As this continues to become a problem, rules that govern the legal industry are changing. Let’s dig deeper.
What are some of the challenges that law firms face?
Unfortunately, even with the advancements in firewalls and encryptions that we see today, people are the largest weakness in a firm’s security network. Whether it’s due to failure to follow protocols or insufficient training, social engineering hacking is on a rise.
The rise of texting is undisputed. It is our primary means of communication. 81% of Americans are sending and receiving texts, with 27 trillion texts being sent every year. According to Nielsen, on average, Americans text twice as much as they call and for Americans under the age of 50, sending and receiving text messages is the most prevalent form of communication. The need and ability to send and receive communication instantly is a primary reason for the rise of this communication method. I'm sure you're familiar with this; people want what they want and they want it now, no questions asked. Today, if it takes longer than thirty minutes to respond to a text (and even that’s generous!), some eyebrows will inevitably be raised. As this trend has evolved, advanced, and continued its way throughout the 21st century, the legal field has slowly started to capitalize on the advantages of the fast and easy communication style too.
There are three compelling reasons why lawyers turn to texting their clients as a dominant means of communication.
And if all of that isn’t enough to compel you, how about the fact that 78% of people wish they could have a text conversation with a business. You don’t have to be good at math to know that’s a lot of people.
Of course, with all this being said, there are downsides to communicating in this modern and rapid way; those being ethical obligations, confidentiality concerns, over accessibility, record preservation, and simplicity. As the legal field continues to evolve, and texting becomes more and more commonplace, there is a framework of rules that all lawyers should abide by as they continue to utilize this form of communication. Doing so, will not only enhance your customer experience but will also protect everyone from malicious third-party threats.
As a lawyer, you have a duty of competence that you must provide to your clients. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.
Back in the 90s, when email came onto the scene, the ABA said that lawyers had a reasonable expectation of privacy in communications made by all forms of email, but they also included that the encryption of emails sent over the internet was unnecessary, despite some risk of interception and disclosure. So twenty-some years ago, you didn’t have to worry about protecting your communications. But in 2020, with the rise of breaches and personal information being exposed, the ABA adjusted its statement to include that a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. Today, it is a lawyer’s duty to keep abreast of the knowledge and changes in the law and its practice, including the benefits and risks associated with relevant technology. Now, all lawyers are required to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and inadvertent disclosure of information.
The first thing every law firm and lawyer must be able to do is to understand the nature of the threat. Being able to identify what kind of threat is being imposed will help you determine how you should communicate with your staff about combating it.
Not only should you be able to understand the potential threats, but you should also have an understanding of how your confidential information is being stored and transmitted. How does your firm store information? Are you cloud-based or on a physical hard drive?
Next, you must know how to use reasonable security measures to protect what you’re communicating with your clients. This means you also need to determine how your electronic communications and client matter is being protected. It goes further than your IT department making a unilateral decision, it’s your responsibility to make the decision to protect your clients.
Lastly, firms must train their lawyers and staff in technology and information security and conduct due diligence on vendors providing communication technology. This includes how vendors process and handle your data, whether or not it complies with your ethical obligation, vendor conflict check, and understanding how they do business. Additionally, it is important to note whether or not these vendors are storing your information overseas, what jurisdiction they have over that data, and in the event of a breach, what are the steps to mitigate or resolve the hack?
The factors to be considered in determining the reasonableness of lawyers efforts include:
As you move forward and continue to grow your firm and expand your client list, it is best practice to speak with your clients and discuss their expectations for communication. What suits them best? Are they comfortable with communicating back and forth via text and are they aware of the security risks and threats in today’s day and age?
Simple answer, yes. You may send texts to and receive texts from clients. There are no statutes prohibiting this, however, there are regulations around data security and confidentiality as mentioned above.
If you’re trying to solicit new clients via text there are some standards you must follow. For example, the first line of your text must say that what you’re sending is an advertisement. You must track who received the texts and what content they are specifically receiving. You must ensure that the prospective client is not responsible for the data costs by working with cell phone service providers and you must have a method for prospective clients to opt-out.
If all that sounds like a hassle to you, consider this: the average open rate for text message campaigns is 98%, compared to a 20% open rate for email campaigns. SMS response rates are 295% higher than phone call response rates and 75% of people wouldn't mind receiving an SMS text message from a brand if they opt-in for the service. All this data leads to the undeniable fact that texting yields the highest rate of response.
The information you handle every day is critical, because of this, firms all across the US are at risk. Any firm relying on existing non-secure messaging systems to communicate with clients is putting themselves and their clients’ confidential information at risk.
In today’s world, protecting yourself, your firm, and your clients is critical. Here are some basic measures and steps you can take to protect yourself.
To learn more, check out our blog, Data Security for Law Firms: Everything You Need to Know