Are Law Firms Putting Clients' Data at Risk

Read this recent article titled: Law firms’ inability to protect client data is a national security concern.  

One item that stood out for me in this article was that by and large firms DO NOT encrypt data that is stored at rest. If that is the case I wonder if they encrypt the data in transit, especially when they utilize their mobile communications. I suspect not.

In the Sullivan & Cromwell risk management event on Dec 1 in NYC this issue arose during a panel discussion on ransomware. If the firms' (or anyone for that matter) systems are compromised how do they communicate electronically during the crisis and avoid revealing their triage activities? Typically, they turn to mobile. But, if that channel of communications is not secure and encrypted then what?

Something to consider. Be interesting to hear what law firms are doing for securing their mobile privileged communications. What do you think?