Protect Your Law Firm's Confidential Data: Summary of the ABA's 2016 Seminar


The American Bar Association Law Practice Division sponsored a seminar, Cybersecurity: Ethically Protecting Your Confidential Data in a Breach-A-Day World, by Hemmans/Reis in April 2016. The seminar was extremely informative and pertinent.

All the seminar slides and notes can be viewed here.

Short on time?

I've compiled the following key slides, takeaways, and extra notes I took from the seminar:

What do hackers want from law firms?

  • Money

  • Personally identifiable information – not just credit card numbers, but your employee info too

  • Intellectual property/Trade Secrets - Yours as well as your clients

  • Information on litigation & transactions

  • National security data  

  • Deny / disrupt service - just because they can!

Ask hackers why they attack law firms, and their reply - to riff on bank robber Willie Sutton's famous quip - would no doubt be: 'Because that's where the secrets are." - infoRisk Today (April 7, 2016)

Law firms are ethically required to do the following:

  • ABA Aug. 2012 Model Rule 1.1  [8] Amendments Maintaining Competence: “…a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”  Adopted by 20 states as of Mar. 2016

  • Model Rule 1.6 Confidentiality of Information Addition to rule “(c) A lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client.”


Preventing yourself or your law firm from being hacked

  • Identify where the data is stored

  • Use strong passwords or passphrases

  • Train lawyers & staff on safeguard tactics
  • Put a formal Response Plan in Place

The #1 safeguard against attacks

The ABA wrote in an article the top 10 best practices to protect law firms from cyberattacks.

Their #1 best practice is to "Maintain cyber liability insurance."

There are insurance products designed specifically for law firms that protect you and your clients should the unspeakable occur.

Be sure to consult with a broker to ensure you're getting the right coverages for your unique cyber insurance needs.