When you seek help from an attorney, you take comfort in the fact that what you tell your attorney remains confidential. If you’re a business owner, for example, you may share information about your company’s valuable intellectual property or trade secrets. If you are creating an estate plan, you may feel keeping the details of your will secret is very important. In either situation, you have confidence that your information won’t be shared with anyone else.
Yet, in the 21st century, legal offices operate much like any other type of business, keeping their records on computers or in the cloud. Unfortunately, this means a law firm’s confidential information may be at risk of a cyberattack from hackers. About 42% of large legal firms with more than 100 employees already have become victims of a data breach. Often, hackers target legal firms to gain sensitive data, and then either demand ransom money in exchange for not releasing that information publicly or use the information they collect to make profitable insider trading decisions.
Legal information and cyber security
In 2018, the American Bar Association directed its members to increase their cybersecurity efforts. This included recommending the following:
- Firms conduct an internal and external audit to identify possible data security threats and entry points.
- Firms train employees to recognize suspicious activity, including phishing emails and suspicious email links, and to increase their password security.
- Firms only give employees access to information that’s absolutely necessary to do their jobs.
- Firms implement two-factor authentication for employee access.
- Firms have anti-virus software and update software frequently.
- Firms encrypt their data.
- Firms hire an IT department or external IT consulting firm to regularly simulate cyberattacks to expose potential threats.
- Firms keep their computer servers in a locked, secure location.
- Firms understand the privacy policies and data security of any vendors they work with.
- Firms ensure they wipe computers clean before disposing of them.
When legal data breaches occur
When a firm experiences a legal data breach, the firm needs to take reasonable steps to:
- Stop the breach
- Avoid further exposure of its data
Lawyers need to inform their clients of the data breach in a timely manner. Also, clients should be aware that they can sue their attorneys for legal malpractice if their attorney’s firm had substandard cybersecurity and their information was leaked.