Cybersecurity
What you need to know Barbara Relph* Is your practice protected from cyber threats? The cheap lock on the back door to your practice could be as simple as your choice of passwords, or failure to use two factor authentication on your emails – and is just as easily remedied. The tech world is full of buzz words, and the buzz word “cyber” simply means the use of technology, so a “cyber threat” is a risk which arises from the use of technology. Government organisation CERT NZ (Computer Emergency Response Team) figures showed a 65% increase in the number of cybersecurity reports made by individuals, small businesses and large organisations in 2020 compared with the previous year. There is no doubt that there are vastly more unreported incidents. How do you keep your information and your clients’ secrets safe? This is especially difficult when that information needs to be easily available wherever you are working. The marked trend towards remote working adds to the problem by moving client information on to other devices which may not have the necessary security. The storage of client information is clearly the lawyer's responsibility. Aside from requirements under the Privacy Act and the Client Care rules, it is simply bad for business when there is a breach of data security. But the question is how much you - a lawyer - need to know about technology in order to meet your obligations. The US, Canada and Australia have regulated the issue of cyber security for law firms in their codes of ethics.
16
For instance, the New Hampshire Bar Association regulates the competence of a lawyer to include “a basic understanding of the technologies they use”. And further, “as technology, the regulatory framework, and privacy laws keep changing, lawyers should keep abreast of these changes.” In New Zealand, we haven't reached that point. But it is certainly arguable that you need to know enough so that you are not negligent. It can be quite a conundrum to find the gold standard of the best technology and the ability to access information from anywhere, all while keeping costs as low as possible. This is the challenge for a small business such as a barrister's practice.
Defining types of incidents: The burgeoning cyberattack industry has produced new industry-specific words which can be heard or read on any news platform. You may be familiar with some or all of them, but they are roughly defined here. • Malware (malicious software): Malware is designed to infiltrate a system, causing damage without you knowing or consenting. This includes viruses, worms, Trojan horses, spyware, and adware. • Ransomware: Similar to malware, but ransomware has the specific purpose of exploiting a vulnerability. It encrypts the contents of the hard
SEPTEMBER 2021
