What Lawyers Should Know About Cybersecurity
With all of the buzz around data breaches, it’s no wonder that lawyers need not just to know about cybersecurity—but to make themselves experts. Here’s how. Let’s take a closer look.
- Student Tips
Cybersecurity is a hot topic in the news, and with good reason. Information flows faster than it ever has—and there are plenty of places that it gets intercepted. From international politics and corporations to small businesses and mom-and-pop shops, cybersecurity affects nearly everyone who uses the internet.
Cybersecurity is so important that Singapore’s National Research Foundation recently pledged $16 million to help fund cybersecurity projects there. Other countries are stepping up to do the same.
Why? Information is important and it needs to be protected. Cybersecurity should play a role in every lawyer’s practice. Here’s what you need to know:
1. Cybersecurity Law is a rapidly growing field
The number of security breaches is growing. 2017 alone saw security breaches at Equifax, Yahoo, Verizon, Bell Canada, and Sabre, among scores of other companies and services.
What does this mean? It means that users’ information is compromised and information like social security numbers, names, addresses, phone numbers, and bank accounts is available to anyone out there. Anyone.
It also means that cybersecurity lawyers are in high demand.
Cybersecurity lawyers need to know and understand regulations, compliance, policies, laws, and protocols on private information, and how all of that information needs to be—and should be—protected in both the public and private sectors.
It means that there’s a whole new field of law out there that needs experts.
2. Hackers target law firms
It’s not hard to figure out why. Law firms harbor lots of private information that hackers want. Law firms house highly-sensitive information like financial data, corporate strategies, trade secrets, business transaction information, and other private information.
The truth? Many law firms lack strong cybersecurity programs, making them ripe for hackers.
What can law firms do?
For starters, all law firms should have two-factor authentication (2FA) for all of their sensitive data. 2FA adds an extra barrier for hackers looking to access email, data storage, or other sensitive information.
Law firms need to update their operating systems consistently. Updates fix known bugs in operating systems—not to fix them can create “holes” that hackers can use to access your system.
Encryption also helps—the benefits are big and the cost is nearly negligible.
Regular updates to all lawyers in the firm help, too. Even knowing about malware can save your law firm from a cyberattack.
Lawyers should also use encrypted passwords that are changed frequently.
3. Lawyers are responsible for keeping data private
Lawyers have a legal and ethical responsibility to protect their clients’ data—and by extension, their own.
According to the American Bar Association (ABA), Rule 1.6, section (c), “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of the client.”
4. There are easy steps to prevent hacking
Preventing a data breach is never a sure thing, but it’s possible to ward off hackers.
In addition to the steps in #2—encryption, system updates, 2FA, and password maintenance, there are a few more things lawyers can do to improve their cybersecurity.
The first? Educate yourself and others. The ABA Cybersecurity Taskforce offers free online webinars, resources, and events for lawyers looking to tighten their cybersecurity and stay updated on the latest cybersecurity issues.
Secondly, make sure all system backups go to a secure server.
Thirdly, research cloud-based options for file restoration.
Your takeaway? Cybersecurity is critical to your success as a lawyer. Make sure you have the resources you need to succeed—and educate yourself. And for those who want to take it one step further, studying cybersecurity can open plenty of doors.