Improving your cybersecurity health is increasingly important for lawyers both to stay safe and to keep up with ethical requirements.
To help lawyers with these tasks, our Committee on Technology and the Legal Profession has issued a guide, “NYSBA Cyber Key Takeaways,” identifying simple, actionable and practicable items lawyers can use to protect themselves.
A minimum level of cybersecurity competence requires litigators and transactional attorneys to understand basic cyber risk management concepts. The basic elements include cyber threat literacy; pre-incident planning; incident response; and iteration.
Attorneys must first understand the risks that they face, such as financial fraud and compromised information, as well as the technology resources they use that could facilitate these attacks on their client and firm information. Pre-incident planning helps lawyers by taking a proactive approach to planning for incident response. Training staff for these incidents is essential so that cyber risks to a firm are not passed on to clients.
Firms should have formal written guidelines for investigating and responding to cyber incidents. Well-written response plans direct attorneys on how to contain incidents; safeguard evidence; and identify and comply with applicable state and federal data breach notification laws. Reviewing these response plans in advance, particularly if an incident occurs, will help you assess what changes you need to make to stay safe.
Don’t click on the link
You may receive an email indicating that you need to review a link that is relevant to something you’re actively working on. The “bad guys” often study their targets in advance through what is available online so they can craft urgent, time-sensitive emails designed to get you to click on the link. Once you click on that link, hackers can begin looking at your system for vulnerabilities. From there, you may receive an email saying that your data has been found and you must pay a ransom to get it back. It is one of the most lucrative methods of extortion on the Internet. The hackers can also get access to your data, and use it, post it or sell it.
One key, however, is to have a backup of your data offsite. It is the only surefire way for your firm to recover from a ransomware attack. Knowing where all of your confidential data is stored and saved can help you recover quickly. You just need to make sure they do not get compromised. Cloud-based backups, like OneDrive and Dropbox, may help, even in their free versions; they are often a good first step, at least for organizations without solutions in place.
Take your vitamins
Keeping up with your cyber health is critical. As such, lawyers should keep current, update and patch their systems regularly to ensure optimal protection from the “bad guys.” Encrypt, as appropriate, firm and client data, saved or transmitted.
You may need to change the way you work and interact with technology, but it’s for your security and the security of your clients. Training should be ongoing, relevant and interactive.
The full guide can be viewed here. Mark A. Berman of New York (Gander Shore Leeds & Zauderer) and Gail L. Gottehrer (Law Office of Gail Gottehrer) co-chair the Committee on Technology and the Legal Profession.