Law firms have long held the position in our society of being problem solvers. They untangle the mess of business and create rules for society. Since their inception, law firms have devoted significant resources to ensuring the best representation of their clients. But now there are new threats that law firms face beyond the practice of law, namely data breaches and cyber-attacks, and they must begin to devote sufficient resources to ensuring the security of their clients’ data. If a firm is breached, its client files may inadvertently end up on a file server in China, Brazil or perhaps Russia, and in the hands of investigative journalists, government officials, corporate rivals or worse. One need look no further than recent headlines detailing the Panama Papers scandal or the recent string of law firm data breaches to know that there is a looming threat, and it must be addressed.

Consider the following hypothetical: A global law firm did not have proper access controls for different employees, which allowed for any employee to access the highly sensitive data of all the firm’s clients. One day, a new associate decides to poke around the firm’s high-profile client files. This employee is shocked at what he finds: The firm has been helping its clients move funds offshore and hide billions of dollars. This young, idealistic attorney decides to collect and leak all of the firm’s files related to this issue and is surprised to find that he has nearly unlimited access to the firm’s client data. After the leak, the firm – and the world – is scrambling to figure out what happened, and how millions of confidential documents were leaked to the public, as well as how to stop the leak, and control the subsequent reputational fallout to both the law firm and its clients.

To read the full article, go to Thomson Reuters.