Extract from Brian P. Piatek’s article “Mitigating Risks at Professional Service Firms Using Artificial Intelligence”
Each day, law firms, accountancy firms and corporate law departments are bombarded from the outside and the inside by threats. Threat management has become a full-time task. In mitigating external threats, firms have added layer upon layer of protection such that their security resembles an onion in trying to protect the intellectual property of both firm and clients.
Internal threats are both more difficult to pinpoint and less often reported. The tools law firms had available in the past for their discovery were generally too weak to detect data loss in real time. Only a detailed forensic analysis was able to determine the scope and breadth after the fact. Often firms are simply not aware that documents are being purloined until it becomes evident through social media or by other actions of personnel who have left the firm with documents.
It is not unusual for attorneys to move from firm to firm, but there is an accepted method of transferring documents when leaving a firm in which the client needs to authorize the data transfer. However, sometimes documents are purloined without permission: an employee copies them to a USB drive, a flash stick or even emails them to a private address. Those documents of interest, the “juicy” documents, the billing records of a case and more can all be used or even sold to other parties. Occasionally, a person leaving a firm will even ask another employee to gather the data for them. These all constitute data leaks. A forensic expert can likely determine the extent of the data leak at a very high cost, but so far, only after the fact.