How Cybercrime is Threatening the Modern Attorney’s Duty to Maintain Client Confidentiality
Back in 2012, Robert Mueller, Director of the FBI at that time, stated that “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
It’s almost as if he saw the future, isn’t it?
According to a recent study, physical theft was the most common type of fraud facing businesses until 2017. Since then, information theft and/or cyberattack has been the most common form of crime facing businesses. Over the past decade or so, numerous law firms have experienced data breaches, and they are in the news every day. Why are law firms increasingly becoming targets for hackers? Because they hold a ton of valuable information:
- Medical records
- Bank information
- Government secrets
- And much more
For hackers looking to make money on the dark web, a law firm is the perfect, most lucrative target. The FBI has even stated that law firms are “one-stop shops” for attackers. Yet we’re still seeing a lack of proper cybersecurity measures in the average law firm. Just take a look at the numbers according to a recent study by the American Bar Association (ABA):
- 58% use firewalls or anti-phishing software
- 33% use email encryption software
- 25% use device encryption software
- 25% have an employee training program in place
The numbers simply don’t add up. Firewalls and anti-phishing software aren’t enough on their own to protect against cybercrime, yet they are the most commonly used forms of cybersecurity protection, and many law firms rely on them alone.
Attorneys Have a Duty to Protect Client Confidentiality
The ABA has highlighted an attorney’s ethical obligations in terms of data security. Opinion 483 states that all “lawyers MUST employ reasonable efforts to monitor the technology and office resources connected to the internet, external data sources, and external vendors providing services relating to data and the use of data.”
You’re required to understand your limitations, and if necessary, obtain sufficient information or assistance to protect client information.
If you fail to protect client confidentiality, it may constitute unethical or unlawful conduct, and the resulting damage to your reputation is hard to undo. So how do you maintain client confidentiality in today’s ever-evolving threat landscape? Here are a few tips:
- Enforce a cybersecurity training program to keep your staff educated on identifying and responding to spam, phishing, malware, and other threats.
- Create a password policy that outlines the importance of strong passwords, as well as the use of two-factor authentication wherever possible.
- Use extra security measures, such as encryption, for files relating to clients to prevent unauthorized access.
- Implement enterprise-grade security measures, such as web content filtering, intrusion detection software, and more to protect endpoints.
- Develop an incident response plan to ensure a quick and appropriate response in the event of a breach.
- Understand the breach notification requirements in every jurisdiction where you offer legal services.
- Implement a data backup solution that backs up your data and applications both in the cloud and locally on a regular basis.
Get The Cybersecurity You Need
Colorado Computer Services can help you protect your clients’ confidentiality. Utilizing the latest cybersecurity technologies and protocols, we offer our clients the best protection from hackers available. Let us help you before Mueller’s prediction comes true for you.