First law firm faces class-action lawsuit amidst conversation about the legal industry and data security.
Chicago-based law firm, Johnson & Bell, found themselves in hot water several months ago. Class-action lawyer Jay Edelson made it his number one priority to take the legal industry and data security to task when he swore to avenge a series of data privacy complaints plaguing the industry. And he obviously meant business.
Edelson identified 15 firms with less than impressive security, one of which was Johnson and Bell. Edelson said they failed to protect confidential client information. If you can relate, you might want to do something about that. The conversation around the legal industry and data security is starting to get serious. Edelson’s suit became public in December, but this war’s been waging for a year.
The complaint raises concerns that Johnson & Bell was using a super dated time-entry system (10 years to be exact), and that the possibility for a security breach was high. It hadn’t been updated with security patches, either, and was generally stuck in the 1980’s. The suit also claimed that the firm’s virtual private network (VPN) was prone to a “man-in-the-middle-attack.” That kind of attack is used by hackers of all sorts to spy on and steal user’s sensitive information.
Edelson says clients suffered a diminished value in services, and hopes his class-action will repair the disparity between the legal industry and data security. The very basis of his lawsuit hinges on what could have happened, saying,
[Clients] are threatened with irreparable loss of the integrity of their confidential client information and further injury and damages from the theft of that information.
What’s unique about the first class-action lawsuit against Johnson & Bell is that none of their client data was actually stolen. There is just a huge potential for it to be stolen. Why is that important? Because it’s essentially holding someone accountable for a crime they haven’t committed yet. In other words, if your legal firm isn’t in-step with today’s tech, you might as well kiss your reputation goodbye. It’s that serious.
The legal industry and data security will need to start learning to hold hands, because the validity of Johnson & Bell’s cybersecurity doesn’t really matter. The law firm secured a temporary win after a Chicago judge ruled that the information must be heard individually in arbitration, not together as a class. But the damage is already done. The lawsuit itself will remain a reputational and financial risk to Johnson & Bell regardless.
Securing Your Data in the Legal Industry
So how does the legal industry and data security get on the same page? In a nutshell, by working with tech consultants who know exactly what they’re doing. True professionals will check off these basic questions:
✔ Are they assessing your current practices?
✔ Are they doing penetration tests to see how vulnerable your security really is?
✔ Is there a layered system in place that blocks attacks before they happen?
✔ What important assets are being protected?
✔ Do they provide 24×7 monitoring?
✔ Is your technology out of date?
In the legal industry, data security is not as important as saving money, a pitfall almost all firms fall into when looking at technology. Johnson & Bell’s case, however, should make every single firm ask this question: Is saving this money now really going to be worth it in the long run? We trust you can answer this.
I’m Christopher Clark reporting for ZBRELLA Technology Consulting, goodnight and good luck!