The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/938151
9 WWW.ILTANET.ORG BEST PRACTICES Keeping Your Firm Out of Cybersecurity Headlines a data breach that compromised records. Notably, the category of "services," which includes law firms and legal services, experienced the largest increase in per capita cost of data breaches. The year also saw a number of new rules come into effect that emphasize aorneys' ethical responsibility to protect client data. The New York State Department of Financial Services imposed stricter information safeguards on lawyers in that industry. The New York Law Journal summed up the impact of the new requirements this way: "Those firms that can meet the regulatory and client expectations for cybersecurity will get or retain the business, and those who don't, won't." In June, the ABA Standing Commiee on Ethics and Professional Responsibility issued Formal Opinion 477R detailing a lawyer's ethical obligation to protect confidential client information, examining advances in technology and ever-increasing cybersecurity threats and providing guidance on when and how to tighten security measures. These days "law enforcement discusses hacking and data loss in terms of 'when,' and not 'if,'" says the opinion, further noting that: Law firms are targets for two general reasons: (1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client. Tips for 2018 We can expect that 2018 will bring continued aacks on law firms. To make sure you are prepared, we recommend the following: » Hire qualified cybersecurity experts. In the LOGICFORCE survey, only 30 percent of law firms had a credentialed chief information security officer, information security manager or similar position. Large firms can usually afford to hire their own internal security staff; smaller firms can hire managed security services providers (MSSPs) The very visible damage from data breaches combined with increased demands by clients for improved security makes a convincing case for investing to protect your data and your business. or consultants. Either way, having dedicated, qualified personnel is critical to combating threats. » Identify what data you have and where that data is stored. Many firms think they know where their data is stored, only to be surprised when an audit reveals that their sensitive data is being stored in unsecured locations such as home PCs, unencrypted thumb drives or personal smartphones. As ABA Opinion 477R puts it: "The lawyer's task is complicated in a world where multiple devices may be used to communicate with or about a client and then store those communications. Each access point, and each device, should be evaluated for security compliance." » Recognize the value of your data. The events of the last year leave no doubt that hackers target law firms in order to steal or hold hostage client data. The law firm's own data, including employee and financial information, can also be highly valuable. What if a hacker accessed and sold