On January 31st the New York Times reported the brazen robbery of a 300-year old Stradivarius violin from the Milwaukee Symphony Orchestra’s concertmaster, Frank Almond, after a concert he had just given. What made the theft so notorious was the use of a Taser to incapacitate Mr. Almond outside in the parking lot to allow the thieves to walk off with the violin unchallenged. Mr. Almond had walked unescorted to his car carrying the violin in its case wrapped in a blanket. It had been loaned to Mr. Almond in 2008 by a patron of the symphony and its history had been proudly and publicly discussed by Mr. Almond on many occasions. By the way, did I mention that it was worth upwards of $5 million?
This story ends happily, however. After the news of the robbery was disseminated by the local, social and national media, the Milwaukee Police and the FBI’s Art Theft Program swung into action. Unbeknownst to the thieves (and this writer), as a security measure for just this type of incident, every Taser which shoots an electrically-charged probe (as was the case here) also shoots twenty-six small confetti like tags called AFIDs (Anti Felon Identification System). AFID’s are tiny plastic sheets with a unique ID number associated with a specific Taser device. Using the AFID numbers found scattered on the ground at the scene, along with tips from local citizens (there was a $100,000 reward offered), the perps were caught and the violin returned undamaged to Mr. Almond.
How does this story relate to law firm security?
1) Protect what is valuable to the firm: They may not be an historic violin but a firm’s Client List, Proprietary Documents, Client Documents and Emails are probably more valuable. If the NSA had a difficult time keeping the government’s secrets how easy is your firm making it for someone to hack the firm’s server? Last July the ABA Law Practice magazine reported the failure to maintain and implement an enterprise security program (ESP) is a major cause of loss of data in law firms.
As quoted in the story:
“We live in a world where our national security is threatened by cyberterrorists, and where private enterprise is forced to respond to cybertheft of intellectual property on a daily basis. The ABA Cybersecurity Legal Task Force is examining risks posed by criminals, terrorists and nations that seek to steal personal and financial information, disrupt critical infrastructure and wage cyberwar. When our national security and economy are threatened, lawyers will not stand on the sidelines.”
2012-2013 President of the American Bar Association
2) Assume the worst can and will happen Walking alone at night in a parking lot with a $5 million violin screams “Steal me.” Yet many law firms maintain lax or inefficient password protocols, backup protocols and internet access protocols which beg for a data theft. When was the last time your firm even reviewed the firm Password Master List. Does it even have one? Who maintains possession of it? Is access to the firm’s time, billing and accounting software secure? What about the practice management software? Who last checked if the back-up system was working? Is internet access locked down at each workstation to prevent staff from checking sports scores or shoe sales? Are the anti-virus software and Windows Security updates current?
3) Keeping quiet about a security breach is no longer an option Mr. Almond had no choice but to enlist the aid of law enforcement and the public because a) it wasn’t his violin to lose, it was only in his care and b) the violin was so famous that news of its loss could not be kept a secret. Years ago I was called in to advise a law firm about the proper use of PCLaw and to work with the firm’s accountant to determine how the former trusted bookkeeper had been able to embezzle $25,000. When I inquired about when the bookkeeper would be prosecuted for the crime the senior partner informed me that the firm would not press charges because the firm couldn’t afford the bad publicity. Instead the partners absorbed the loss. Silently. Today there are no secrets. The news of data or monetary theft would be on social media the minute any firm employee or former employee with a grudge learned of it.
Every legal software program has security features built in. Most law firms fail to utilize them to their fullest extent out of complacency that “nothing will go wrong here.” Until Mr. Almond felt the jolt of 50,000 volts from the Taser, he probably was equally confident nothing would go wrong. Fortunately, he was reunited with his historic violin.
Steve Miller, JD has provided law office productivity consulting services since 1998. He is certified in LexisNexis PCLaw®, LexisNexis Time Matters® and Amicus Attorney®.
We’d love your comments. Please click on the Headline of this post to access the Comment section.