How Law Firms Can Train Employees to Protect Client Data
In 2017 alone, more than one in five law firms experienced a data breach, proving the need for heightened protection of customer data in law firms across the nation. Not only is protecting sensitive information essential for compliance, but it also affects client loyalty. In fact, 83 percent of Americans say that security is a contributing factor when deciding which law firm to work with.
Outside of client loyalty, firms should be concerned with the impact a data breach will have on their bottom line: 37 percent of law firms that experienced a breach reported a loss in billable hours, and 28 percent incurred hefty fees for correction. Yet, most law firms do not have information security protocols or employee training in place to safeguard physical documents and electronic devices that contain clients’ confidential information. Specifically, one in four law firms (26 percent) have never trained their staff on information security policies or do not have information security policies in place.
Law firms are modernizing to improve the client experience, but modernization brings new challenges and new threats to clients’ confidential information, as well as new processes for employees. As of 2017, 95 percent of law firms were not compliant with their data governance and cybersecurity policies. With sensitive information, as well as business, on the line, there’s no question that law firms need to implement a strategy to step up their security policies, and this strategy includes a major training overhaul for employees. Let’s explore how law firms can train their employees to help protect client data.
TRAIN EARLY AND PROVIDE REINFORCEMENT
Waiting for a data breach to occur in your firm is the wrong strategy when it comes to teaching employees security protocols. If possible, incorporate training into your onboarding process for new hires, and hold all-staff training sessions on a regular basis to update employees on new protocols and remind them of current policies. Using real-world examples and practical tips for information security is the key to keeping employees engaged in the training, as it provides context for the gravity of data breaches and helps employees retain the training information.
PROVIDE GUIDANCE ON NEGLIGENCE AND DOCUMENT DESTRUCTION
The more employees a law firm has, the higher the risk of employee negligence that may cause a data breach. Employee training for data security must include teaching employees how to identify negligent, unethical or malicious behavior, while also encouraging them to take action if client data is at risk.