Data breaches, hacking, ransomware attacks, phishing scams — every day a news headline chips away at people’s confidence in the safety of their personal information.
For attorneys who are entrusted with confidential and proprietary data of their clients, the threat is not just personal. It can also take enormous toll on their practice and livelihood.
“Law firms are the pre-eminent protector of clients’ sensitive and confidential information,” said Karen P. Randall, co-chair of the NJSBA Cybersecurity Task Force and partner and chair for cybersecurity and data privacy at Connell Foley, LLP in Roseland. “Clients will leave firms who suffer a data breach and lose sensitive client data, putting firms at risk for legal, ethical, operational and reputational exposure.”
On Nov. 17, the task force, in conjunction with the New Jersey Institute for Continuing Legal Education, will put on a comprehensive Cybersecurity Institute at the New Jersey Law Center in New Brunswick. The program goes from 9 a.m. to 4 p.m. and continuing education credits are available.The day’s program includes a keynote presentation from David Weinstein, the state’s chief information officer and co-chair of the association’s task force. Weinstein will speak on what to expect on the cybersecurity landscape in 2018. In addition, there will be breakout sessions with experts from various industries sharing information on the multitude of existing threats, risks, best practices, and giving practical tips on handling data breaches, purchasing cyber liability insurance policies and more.
Randall also noted that recent American Bar Association rules and opinions make clear that beyond self-preservation, attorneys have an ethical duty to keep current on risks posed by technology and take reasonable action to protect against those risks.
“Most law firms aren’t prepared for a major breach and have not yet implemented a reasonable cybersecurity program” that includes tools such as encryption, multi-factor authentication, password management, security awareness training, mobile device management, security monitoring, and more, Randall said.
Attorneys might be surprised to hear that a 2014 survey by the American Bar Association discovered that 1 in 4 law firms admitted to suffering a data breach. That number, however, did not include firms that had yet to detect a breach in their systems.
And cybersecurity is not just an issue for large law firms. Randall notes that 62 percent of cyber-breach victims are small to mid-size businesses, which are at the greatest risk for an attack because they may lack sufficient resources or IT personnel. “However, there are cost-effective tools available to all sizes of law firms, including solo practitioners, to help secure the firms’ data,” Randall said.
NJSBA President Robert Hille has made cybersecurity a special focus of his tenure, and created the Cybersecurity Task Force as he entered office this past May. “The cybersecurity landscape is constantly and rapidly changing,” he said. “It is exhausting to stay abreast of the myriad issues, yet cybersecurity is an area that no attorney – no matter the size of the firm -- can afford to ignore.”
For more information, and to register for the 2017 NJSBA Cybersecurity Institute, go to
www.njicle.com.
