Why Cybersecurity Matters for Law Firms
Lawyers have access to trade secrets, intellectual property, merger and acquisition details, personally identifiable information (PII), and confidential attorney-client-privileged data of their clients. And while it’s not unreasonable to think that a corporation can afford a sophisticated cybersecurity strategy, many law firms either cannot afford cybersecurity or do not prioritize it.
Failing to keep data secure is more than just a huge risk for you and your firm; it can also have incredibly negative consequences for your clients. This is why law firms have become targets within the hacker community: on average, they hold all the desired information with less cybersecurity. According to the 2019 ABA Cybersecurity Tech Report, 26% of law firms experienced a form of data breach. You don’t want your law firm to become part of that statistic, which is why data security should be a top priority for law firms. If criminals penetrate your firm’s security, the consequences can be extensive, ranging from minor embarrassments to serious legal issues, including:
- Compromised communications due to phished or compromised email accounts
- Inability to access firm information due to ransomware (i.e., where hackers encrypt files and demand money to restore access)
- Public leaks of personal or business information (e.g., on social media)
- Loss of public and client trust in your firm – reputational damage
- Malpractice allegations and lawsuits
How Can Cybernon Help?
Ethical and regulatory obligations...
According to the American Bar Association (ABA) Rule 1.6: Confidentiality of Information, lawyers should “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” The ABA has also released several Ethics Opinions (such as Securing Communication of Protected Client Information and Lawyers’ Obligations After an Electronic Data Breach or Cyberattack) which provide guidance for lawyers on how to address cybersecurity.
To comply with the obligations of the American Bar Association, Cybernon will show that your law firm is making all reasonable efforts to protect your firm’s data, including:
- Implementing a Cybersecurity Plan
- Protecting your Firm’s Computers from Ransomware
- Securing your Mobile Devices
- Data Encryption in Cases of Theft
- Data Backup – Disaster Recovery
- Advanced Email Security
- Improving Communication Practices
- Vetting Legal Tech Vendors through 3rd Party Risk Assessments
It’s also important to keep these ethical responsibilities and best practices in mind when adding information technology to your firm. Cybernon will ensure your regulatory obligations are met by better protecting your firm’s data (client data) via streamlined processes, enhanced security infrastructure, and encryption.
GDPR, CCPA, SHIELD, and state-specific breach notification laws
Data security laws can vary with location. Cybernon helps your firm understand its legal responsibilities in the event of a breach.
- GDPR: To help address global needs for enhanced data security, in 2018, Europe introduced a unified data protection law, the General Data Protection Regulation (GDPR). GDPR—which strives to unify the regulatory environment for businesses handling personal data—requires enhanced protection of personal data belonging to EU individuals. While GDPR currently applies to firms in Europe, its regulations could affect your firm, so it may be a good idea to learn more about GDPR.
- CCPA: In 2020, the state of California introduced the California Consumer Privacy Act (CCPA), which strives to mirror the GDPR and requires enhanced protection of personal data for California residents.
- SHIELD: Similarly, New York has introduced the Stop Hacks and Improve Electronic Data Security Act (SHIELD), which introduces a requirement to implement “reasonable” security safeguards for any business in possession of the personal data of New York residents. The SHIELD Act also enhanced New York’s existing data breach notification requirement (already one of the strictest in the United States).
We want to be your partner in IT with our Cybersecurity First approach.
Get a 30-Day Free Trial of Cybernon’s Services.