The complete fallout from the recent Sony hacking scandal is not yet known. Stolen data continues to be released by the hackers, with each new week further embarrassing Sony and many of those who do business with the media/tech giant. There are many lessons for law firms in the Sony hacking scandal.
The best summary I've seen appeared in an article on the Entrepreneur website, which outlines five lessons:
1. Privacy is a thing of the past.
2. Don’t badmouth your clients or coworkers.
3. Your professional work depends on personal relationships.
4. Written communication has its limits.
5. No industry is as glamorous as it seems from the outside.
Of these, only the fifth lesson is mostly irrelevant to law firms. We already know that the practice of law is mostly unglamorous, occasionally punctuated by moments of sheer terror. The first four lessons, however, cut to the core of what lawyers and law firms do. Read the Entrepreneur article for a concise explanation of each lesson.
I want to focus here on one lesson not mentioned in the article. Lost in the hysteria over the Sony hacking is the fact that it was Sony’s locally maintained servers, not Cloud storage, that was hacked. This is the equivalent of hackers compromising the data stored on a law firm's server housed at the firm's brick and mortar office. Sony's collection of movie scripts that were stored with a Cloud-based service was not compromised. Scripts stored locally, however, were obtained by the hackers.
A strong argument can be made that, of all the ways a law firm can store data, keeping it on a local server is the least, not most, secure. Solo, small, and medium-sized law firms (and even multinational corporations) don't necessarily have the skill or resources to adequately protect data stored locally. Shifting that data to the Cloud, particularly with companies that have experience storing and protecting sensitive data, may be the best way a law firm can protect its confidential client data and meet its ethical obligations. Change is hard, but don't let an irrational fear of the Cloud prevent you from selecting the most reliable and secure data storage available to your firm.