Cybersecurity for Law Firms: Addressing the Ethical Side of Staying Safe

Cybersecurity for Law Firms: Addressing the Ethical Side of Staying Safe

As Attorneys Embrace Technological Innovation More Than Ever Before, It’s Integral for Them to Understand the Ethical and Legal Obligations That Go Hand-in-Hand with Digitization.

As the legal industry becomes increasingly competitive, many law firms are differentiating themselves through embracing innovative forms of technology – allowing them to deliver even more value to their clients. While it’s fantastic to see attorneys stepping up and digitizing their firms to streamline the way they provide legal services, it’s integral for them to understand the ethical and legal obligations that go hand-in-hand with digitization. Technology can enable greater project management, collaboration with clients, and overall, accessibility to important information from the office, courtroom, and overall, anywhere with an internet connection. But as attorneys become more connected, they must do their due diligence to minimize the risks of unauthorized access and/or disclosure of sensitive information.

What Threats Do Attorneys Need to be Concerned About?

Cybercrime takes a variety of forms – ranging from phishing scams to social engineering attacks to sophisticated technical exploits and everything in between. But hackers aren’t the only threats attorneys need to be concerned about, although they’re one of the greatest threats. Attorneys also need to be aware of the risk that comes with:

• Lost or stolen laptops and mobile devices
• Inside threats, such as untrained or malicious personnel
• Accidental file deletion and/or sending to the wrong individual

Unfortunately, many law firms simply don’t take the preventative measures necessary to minimize the risks involved with the above threats. The American Bar Association surveyed a large number of law firms – finding that most don’t use the right cybersecurity solutions:

• Only 58% use firewalls or anti-phishing software
• Only 33% use email encryption software
• Only 25% use device encryption software
• Only 25% have an employee training program in place

Attorneys Have an Ethical and Legal Obligation to Safeguard Sensitive Information…

Despite the fact that many law firms aren’t implementing the right cybersecurity solutions, attorneys have an ethical and legal obligation to safeguard sensitive information with competent and reasonable measures. They often have contractual and regulatory duties to do so, as well. In October 2018, the American Bar Association’s Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 483: Lawyers’ Obligations After an Electronic Data Breach or Cyberattack.

In Opinion 483, it’s explicitly stated that “lawyers must employ reasonable efforts to monitor the technology and office resources connected to the internet, external data sources, and external vendors providing services relating to data and the use of data.” So what can attorneys do to keep sensitive information protected against unauthorized access and/or disclosure? Here are a few tips:

1. Implement a cybersecurity training program that teaches staff members how to identify and respond to the most common types of threats.
2. Enforce a password policy that requires staff members to create strong passwords made of a mix of characters, numbers, and letters.
3. Implement enterprise-grade security measures, such as web content filtering, intrusion detection software, encryption, and more.
4. Develop an incident response plan to ensure appropriate action is taken in the event of a breach.
5. Be aware of the breach notification requirements according to ABA, as well as any relevant state regulations.
6. Implement a data backup and business continuity strategy that keeps all data and applications accessible in the event of a disaster.

Lastly, work with a technology partner that knows and understands the legal realm. The HelpDesk Company, located in Richmond, VA, specializes in working with law firms with 5 to 50 employees. We have an in-depth knowledge of the ethical and legal obligations attorneys have to safeguard sensitive information.

Contact Your Trusted Richmond Legal IT Company at (804) 282-2282 to Get Started.