Cyber attacks have been in the news a lot lately, with data breaches at major companies and tales of hacked emails regularly featuring on the nightly news. The simple fact is that cyber crime is on a sharp rise.
This increase matters for legal professionals because law firms are very often the guardians of oodles of sensitive and confidential information. The isn’t something the cyber criminals have failed to notice; The FBI reported at a recent legal tech conference that they see hundreds of law firms targeted by hackers every year.
However, for a profession that is, shall we say, not famed for its enthusiastic embrace of new technology (even despite the ABA insisting that technological competence is an ethical requirement for lawyers), that’s a problem. Such is the scale of the issue that Joe Patrice, writing for Above the Law, went so far as to call law firms “the soft underbelly of American cyber security.”
Legal professionals need to get their house in order, and soon. Conveniently, October is National Cyber Security Awareness Month — an annual campaign to raise awareness of cyber security issues. Here at One Legal we like to do our bit, so look out for blogs in the coming weeks containing some practical tips for getting cyber secure at your law firm (make sure you subscribe to ensure you don’t miss out!).
The ABA’s cyber security concerns
The American Bar Association has weighed in on cybersecurity concerns. Back in 2014, the ABA’s House of Delegates unanimously passed Resolution 109, which stated that the House resolved:
“That the ABA encourages private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations, and is tailored to the nature and scope of the organization, and the data and systems to be protected.”
While the professional body stopped short of making cyber crime awareness and prevention full ethical requirements, there’s a strong steer here that the issue is important and requires not just consideration, but action.
The serious consequences of cyber crime
Cyber attacks can fall into two main categories: data theft and sabotage (e.g. an attack on your website or your communications systems). The former should be the biggest concern for law firms given the quantities of sensitive information in their possession.
Think about the amount of information you hold on your law firm’s computers about your clients — it’s almost certainly enough for someone criminally minded to steal their identity and seriously damage their financial accounts.
The reality is that cyber attacks, like so much in the U.S., can lead to lawsuits — against the victims of the attack by those affected by the data breach.
Clearly, as one of the leading electronic filing and service providers in the U.S., we’re big proponents of law firms moving much of their operations online. The benefits of “going paperless” and embracing digital working are, after all, substantial.
There’s no denying, though, that putting all that information online does come with risks attached. The migration of files to third-party cloud providers has created a centralization of data and, unfortunately, more opportunities for criminals to get their hands on it.
There are obligations on the providers of these services to take security seriously, as we do at One Legal. There’s also an obligation on you as a legal professional, though, to make the right choices and to understand the potential risks.