The American Bar Association Law Practice Division sponsored a seminar, Cybersecurity: Ethically Protecting Your Confidential Data in a Breach-A-Day World, by Hemmans/Reis in April 2016. The seminar was extremely informative and pertinent.
All the seminar slides and notes can be viewed here.
Short on time?
I've compiled the following key slides, takeaways, and extra notes I took from the seminar:
What do hackers want from law firms?
- Personally identifiable information – not just credit card numbers, but your employee info too
- Intellectual property/trade secrets - yours as well as your clients'
- Information on litigation & transactions
- National security data
- Deny / disrupt service - just because they can!
Ask hackers why they attack law firms, and their reply - to riff on bank robber Willie Sutton's famous quip - would no doubt be: "Because that's where the secrets are." - infoRisk Today (April 7, 2016)
Law firms are ethically required to do the following:
- ABA Aug. 2012 Model Rule 1.1 Amendments, Maintaining Competence: “…a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” Adopted by 20 states as of Mar. 2016.
- Model Rule 1.6, Confidentiality of Information. Addition to rule: “(c) A lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client.”
Preventing yourself or your law firm from being hacked
- Identify where the data is stored
- Use strong passwords or passphrases
- Encrypt your data
- Train lawyers & staff on safeguard tactics
- Put a formal response plan in place
The #1 safeguard against attacks
Their #1 best practice is to "Maintain cyber liability insurance."
There are insurance products designed specifically for law firms that protect you and your clients should the unspeakable occur.
Be sure to consult with a broker to ensure you're getting the right coverage for your unique cyber insurance needs.