Industry Resources

Data Security And Your Lateral Job Search

LinkedIn, Facebook, text messages, emails, smartphones, laptops and more, have made attorneys more accessible than ever. For recruiters, easy access facilitates quicker communication. For law firms, all these innovations are sources of potential data leaks.

Thirty years ago, confidential files were physical, and you would have to break into a secure site to steal its contents. Today, most confidential information is stored electronically and many firms have adopted cloak-and-dagger protocols to monitor employee communication, whereabouts, and behavior to prevent data leaks by identifying risky or clandestine behavior. Reportedly, 80% of Am Law 100 firms have experienced a data breach. These breaches span from stolen phones to phishing scams to firewalls breaches.

Law firms are popular targets for data thieves, as a secondary source of information to gather confidential documents on their major corporate clients. Law firms are often slower to adapt to modern technology. In the past, firms have modest security protocols compared to corporations and thus offer an easier avenue of access. The growth of data privacy practices indicates that law firms are starting to take the risks more seriously.

To combat these breaches, law firms have several contingencies and programs in place. Among the oldest and most widely used is email monitoring. Nothing that you type from your work email is truly 100% confidential. Law firms can access your emails at any time. So should you be wary of your firm discovering your emailed plans for making a lateral move?

According to a former high-level IT employee at two Am Law 200 firms, the answer is, not really. According to them, email inspection is not passive. To review an attorney’s emails, the firm would have to go through HR and would only do so when there was ample evidence of a crime or wrongdoing.

Does this mean that your inbox is 100% completely safe from prying eyes? In short, no. The former employee mused that a firm that was hemorrhaging laterals and was in danger of collapsing might forego their established policy to try to stem the flow of lateral movement. Other instances that have upended standard protocol are internal leaks — such as memo leaks to Above The Law — in which case the IT department would sift through all employees’ emails to find the culprit(s). Every printer also embeds a hidden tracking code onto the pages you are printing, making any publicly shared printout, possibly identifiable.

It is important to note that these policies vary by firm. Some have more laissez-faire policies while others have adopted more totalitarian measures.

Additionally, the proliferation of employee monitoring software has made it easier for firms to identify suspicious activity. The caveat here is the same tools that can detect potential data security threats, can also be used to monitor an employee’s likelihood of leaving. New employee monitoring tools can monitor everything you do on your computer. If you’re not responding to your coworker’s IM’s, or are taking longer than usual, this (in tandem with other key indicators) may tip them off that you’re looking to move. Other indicators can include things like regularly updating your LinkedIn profile.

There are many missteps that attorneys make that tips off their firm to an impending lateral move. The most common mistake attorneys make has nothing to do with emailing or web browsing. According to the former IT employee, many firms use programs to monitor several things including library checkouts.

The most telling pattern of behavior is when attorneys check out an unusually large amount of documents (usually in excess of 50) in one day that were marked as read-only, with no edits. In this case, the firm is painfully aware that the attorney is copying their library in preparation for a lateral move.

While firms have all these tools available for monitoring and detection, if you feel apprehensive about conducting a lateral search while at work, your fears are exaggerated. Not all law firm policies are made equal, but most are used to address suspicious activity, not lateral defections. Firms very rarely retaliate against an impending lateral move. As attorney mobility increases year after year and the idea of the lifer attorney is largely lost, firms see lateral attrition as a cost of doing business rather than a personal affront.

In general, use common sense when conducting a lateral search. It’s never good to tip your hand before you play your cards. Use personal accounts and devices to answer emails and calls when possible, but an initial email back to a recruiter providing your personal email is not likely to be flagged as suspicious. That being said, the safest way to start a conversation is to go old school and use your phone.