Five lessons for law firms from the Sony hacking scandal

Emails hacked​By Scott Bassett

The complete fallout from the recent Sony hacking scandal is not yet known. Stolen data continues to be released by the hackers with each new week further embarrassing Sony and many of those who do business with the media/tech giant. There are many lessons for law firms in the Sony hacking scandal.

Many of the lessons are in the area of business and interpersonal relationships. The best summary I've seen appeared in an article on the Entrepreneur website. In summary, they are:

1. Privacy is a thing of the past.

2. Don’t badmouth your clients or coworkers.

3. Your professional work depends on personal relationships.

4. Written communication has its limits.

5. No industry is as glamorous as it seems from the outside.

Of these, only the fifth lesson is mostly irrelevant to law firms. We all know that the practice of law is mostly unglamorous, occasionally punctuated by moments of sheer terror. The first four lessons, however, cut to the core of what lawyers and law firms do. Read the Entrepreneur article for a concise explanation of each lesson.

One lesson not mentioned in the article, a lesson that is the focus of this post, relates to technology. Lost in the hysteria over the Sony hacking is the fact that it was Sony's locally maintained servers, not Cloud storage, that was hacked. This is the equivalent of hackers compromising the data stored on a law firm's server housed at the firm's brick and mortar office. Sony's collection of movie scripts stored with a Cloud-based service were not compromised. Scripts stored locally were obtained by the hackers.

A strong argument can be made that of all the ways a law firm can store data, keeping it on a local server is the least, not most, secure. Solo, small and medium-sized law firms (and even multi-national corporations) don't necessarily have the skill or resources to adequately protect data stored locally. Shifting that data to the Cloud, particularly with companies that have experience storing and protecting sensitive data, may be the best way a law firm can protect its confidential client data and meet its ethical obligations. Change is hard, but don't let an irrational fear of the Cloud prevent you from selecting the most reliable and secure data storage available to your firm.

Content courtesy of the Affinity Consulting Blog.

Want to find out more? Download the OSBA CLE Cybersecurity Law Institute eBook (free

if you registered for one or more in person or self-study OSBA CLE seminars this calendar year).



Staff Directory

Contact Information


8 A.M. - 5 P.M.
Monday - Friday