FALL 2020 TODAY’S GENER AL COUNSEL
Cybersecurity
Cybersecurity Is a Fundamental Legal Responsibility By Brad Smith
14
A
ll practicing attorneys face daily threats from cybercriminals worldwide. It does not matter whether you work for a large firm or are in a solo practice. Not only do lawyers and law firms deal with substantial sums of money, they possess confidential information that threat actors can use to leverage substantial ransoms. Failing to protect your firm and the money and information provided by clients will be costly financially and to the reputations involved. As IT and tech law specialist Sasa Markota noted, “Only when clients have full trust that their communication with the attorney is confidential can I get all the information I need to do my job. On the other hand, if that confidence is violated, clients could suffer irreparable harm, and my career and reputation would be ruined.” Let’s take a look at some fundamen-
tal cybersecurity points for lawyers and firms before going over actionable cybersecurity steps. BIG RISK FOR SMALL FIRMS AND DEPARTMENTS
There’s a common assumption that only large firms with high-stakes clients are at risk of cyberattacks. Not true. Hackers know that small companies are less likely to have dedicated security teams or tight security practices. For the effort involved in hacking a large company or law firm, hackers can attack multiple smaller businesses or firms and still achieve significant financial gain. Every staff member in a firm is responsible for cybersecurity. From office and support staff to senior partners, cybersecurity is a team effort. Although it is tempting to think that IT will take care of all security matters, this mindset is dangerous. The concept of proper
cybersecurity must permeate a firm’s ethos and practices. Below are some key areas that warrant consideration. If your tools are not secure, you are essentially inviting hackers into your systems. All devices that connect to a firm’s system and interact in any way with confidential information and financial data need to be properly secured. Invest in anti-malware programs to help thwart any attacks. You should also install high-quality Virtual Private Network (VPN) software in your office router to encrypt data throughout the network, shielding it from any prying eyes. Make sure that devices used for remote work are covered by the security software. The signature database should be updated, and the files fully scanned daily. Make sure that all software in use is set to automatically update. Software developers provide updates to patch
