Excerpt: Amid much hand-wringing, the prophecy that law firms would be forced to confront their data security shortcomings has finally come true. Clients now want, as do regulators, assurance that law firm data is being adequately protected. The receipt of information security audits, more politely termed “assessments”, is now a regular occurrence at many law firms. They come not only from clients, but from insurance companies offering cyber insurance – but they want to know what they are getting into first!
Excerpt: We deliberately chose the title “When Your Firm Suffers a Data Breach,” not “If.” This is consistent with an oft-repeated mantra in cybersecurity today (“when not if”) that recognizes the ever-increasing incidence of data breaches. Robert Mueller, then the FBI Director, put it this way in an address at a major information security conference in 2012:
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
This observation is true for attorneys and law firms as well as companies. There have now been numerous reports of law firm data breaches. The FBI has reported that they are seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple – like a lost or stolen laptop or mobile device – to highly sophisticated – like a deep penetration of a law firm network, with access to everything, for a year or more.
Excerpt: We have written about cyberinsurance previously. It would be too strong to say “forget everything you knew before” on this topic, but there have been such major developments in the last year that a strong cup of coffee might be helpful while you carefully read this article. A new dawn has indeed broken and law firms have a lot of catching up to do.
Excerpt: In the world of legal ethics, 2015 was a big year, with 20 states adopting the ABA’s revised rules (Model Rule 1.1 and 1.6) regarding the need to be familiar with the risks and benefits of technology, including how to use technology to secure confidential data. CLEs about competence and technology began to multiply faster than rabbits as lawyers scrambled to see what their new ethical duties were.
Lost in that shuffle, for the most part, were discussions of an ethical requirement to be competent in e-discovery. News channels flared briefly when the California Bar released an ethics opinion (Formal Opinion 2015 – 193, published on June 30, 2015) which detailed the skills that attorneys must have when dealing with electronically stored information (ESI) and e-discovery. But the publicity died down and we saw only a handful of CLEs which touched on this issue even slightly, so the topic seemed ripe for an article.
Excerpt: No one would describe The Future of the Professions as a “light and frothy read.” We are huge fans of author Richard Susskind’s previous books and his evolving thoughts about the future of the legal profession. In this book, he and his son Daniel, a lecturer in economics at Oxford University, look across all the professions to see what the future might hold, observing many commonalities in that future.
Excerpt: There are lots of cybersecurity worries to give you the willies in the wee hours of the morning, but we were asked to pick five, so here are some of the most common ones.
Excerpt: We should be grateful for other peoples’ data breaches – they help us to improve our own security. In our breach-a-day world, we seem to have more data breaches than ever. They come fast and furious – rare is the day when we don’t hear of one or more breaches on the evening news or through online media. Attack vectors change constantly – those of us in information security have a deep sense of humility in the face of constant changes in threats as well as technology, policies and training to defend against those threats.
Herewith, a few of the famous data breaches of 2015 (and one from 2014) with lessons to be learned from how they happened.
Excerpt: “Facebook only arrived on the scene in 2004. It seems to many, especially the young, as though it has been here forever, but it has not. Our children simply don’t remember a non-digital life. So much has changed in the last two decades that we find ourselves trekking on unmarked paths in a new frontier. We now – and forevermore – will live in a digital world. Those who are disconnected have become dinosaurs, dying out slowly over time. Change is forced upon us.
Most people have no understanding of the digital property they own, and even less understanding of what may happen to those assets if they die or become incapacitated.”
Excerpt: The most used method of electronically communicating today is via e-mail. Some may argue that text messaging is the number one method and that may be true for the younger generation, but businesses are generally communicating with some sort of e-mail service. The issue that we need to tackle is whether our electronic communications are secure (or need to be) and how to securely communicate when needed.
Excerpt: Lawyers like the idea of connecting with others on a resume driven site and many lawyers who were dismayed by Facebook felt comfortable on LinkedIn. As we write, author Nelson has 2407 connections and author Simek has 562 (slacker).
Like many people, we experimented with belonging to LinkedIn groups. Sadly, we found most of them dominated by marketers. The noise ratio was high, some posts were indistinguishable from spam and we pretty much gave up on those, finding legal listserve discussions to be far more useful.