Is Your Firm Monitoring Employees?


With the proliferation of digital communication on LinkedIn, Facebook, text messages, emails, smartphones, laptops and more, attorneys have never been so accessible. For recruiters, easy access facilitates quicker communication. For law firms, all these nodes are potential data leaks.

Thirty years ago, confidential files were physical, and you would have to break into a secure site to steal confidential information. Today, most confidential information is stored electronically and many firms have adopted cloak-and-dagger protocols to monitor employee communication, whereabouts, and behavior to prevent data leaks.

These policies may seem authoritarian — and indeed many of them are — but the rationale behind them is sound. Reportedly, 80% of Am Law 100 firms have experienced a data breach. These breaches span from stolen phones to phishing scams to firewalls breaches.

Law firms are popular targets for data thieves, but mostly as secondary sources of information. What hackers are really seeking are confidential documents on major corporations. Law firms are usually pretty conservative and that means slower to adapt to modern technology. Consequently firms have modest security protocols compared to corporations and thus offer an easier avenue of access.

To combat these breaches, law firms have several contingencies and programs in place. Among the oldest and most widely used is email monitoring. Nothing that you type from your work email is truly 100% confidential. Law firms can access your emails at any time. So should you be wary of your firm discovering your emailed plans for making a lateral move?

According to a former high-level IT employee at two Am Law 200 firms, the answer is, not really. According to my source, email inspection is not passive. To review an attorney’s emails, the firm would have to go through HR and would only do so when there was ample evidence of a crime.

Does this mean that your inbox is 100% completely safe from prying eyes? In short, no. The former employee mused that a firm that was hemorrhaging laterals might forego their established policy to try to stem the flow of lateral movement. Other instances that have upended standard protocol are internal leaks — such as memo leaks to Above The Law — in which case the IT department would sift through all employees’ emails to find the culprit(s).

Many attorneys wonder (and fret) about the fate of their inbox after they leave the firm. Upon an attorney’s departure, the IT department will typically freeze their inbox and retain partners’, associates’, and counsels’ emails for two years, and paralegal and support staff’s emails for six months. However, according to my IT source, these were kept as protection from litigation and no one would sift through the individual emails without good reason.

It is important to note that these policies vary by firm. Some have more laissez-faire policies while others have adopted more totalitarian measures. Among the more stringent policies are Wachtell’s new monitoring system that requires secretaries to report the location of their attorneys at all times. According to Wachtell, the policy is partly due to security concerns.

Other popular policies include blocking personal email and certain websites. The former makes sense from a security perspective; many email clients have looser password requirements and offer hackers easy access to attorneys with poor password etiquette.

Conspicuously missing from this block list is LinkedIn. Law firms recognize that the site is a valuable marketing tool and allow attorneys to access it to pursue clients and market their personal and firm brand. LinkedIn is also a convenient means to confer with your lateral recruiter. So while your firm may block access to your personal email, there are other, even more discrete ways to plan a lateral move, including LinkedIn.

There are many missteps that attorneys make that tips off their firm to an impending lateral move. The most common mistake attorneys make has nothing to do with emailing or web browsing. According to the former IT employee, many firms use a program called Watch Dog. The program monitors several things including library checkouts.

The most telling pattern of behavior is when attorneys check out an unusually large amount of documents (usually in excess of 50) in one day that were marked as read-only, with no edits. In this case, the firm is painfully aware that the attorney is copying their library in preparation for a lateral move.

If you feel apprehensive about conducting a lateral search while at work, your fears are likely exaggerated. That said, not all law firm policies are made equal; while some collect data only for litigation protection, others may actively search for signs impending attorney defections. Generally. personal accounts like LinkedIn are secure so long as your employer is not keylogging your work computer — which is highly unlikely. Be aware however, that firms can monitor phones and computers that they own. In general, use common sense when conducting a lateral search. Use personal accounts and devices to answer emails and calls and spread your library checkouts over several weeks to avoid suspicion.

The safest way to start a conversation is by phone. Pick it up. Dial the number. Go old school.


Please enter your comment!
Please enter your name here