Cybersecurity and the Law
When it comes to cybersecurity, attorneys from solo shops to BigLaw are grappling with tough issues.
Facing litigation after a phishing attack, attorneys contemplate the imperative to encrypt attorney-client communications. When a government agency is breached, firms look to ameliorate the damage to their clients. After every large public data breach, policymakers weigh whether organizations should have to disclose future incidents.
As these important issues are digested and debated, adversaries are taking advantage of law firm vulnerabilities. The American Bar Association’s 2017 Legal Technology Survey Report found that 22 percent of respondents experienced a cyberattack or data breach at some point, an increase of 8 percentage points over the previous year. These attacks occur as the legal industry ranks near the top in cybersecurity, according to recent research from cybersecurity ranking company BitSight Technologies.
A joint production of the ABA Journal and the ABA Cybersecurity Legal Task Force
Despite the legal industry's comparatively high ranking, there is still room for improvement. After all, the consequences of a breach can be severe. Data breaches, a modern certainty like death and taxes, damage an attorney’s ability to provide zealous representation. Hacks can also cost large sums of money, as well as the profession’s own credibility.
To help make sense out of the ever-changing cybersecurity landscape, the ABA Journal—joined by industry and legal experts and in collaboration with the ABA Cybersecurity Legal Task Force—will spend the next year exploring traditional and vanguard cybersecurity and digital privacy issues. The goal is not to scare the legal field with digital horror stories but to cultivate a useful dialogue around current threats and best practices to better protect law firms, their clients and the profession.
The series begins with how a firm can assess its digital vulnerabilities and potential adversaries and change its organizational culture to be “security first.” From there, the series will explore the ethics of cybersecurity, cyber insurance and what to do after a breach. Later in the year, it will look prospectively at potential government regulations, the role of artificial intelligence and the future of cyberwarfare.
Beyond specific topics, this series looks to promote concepts that create a healthy security culture. This series will not hawk tools and digital “solutionism.” Rather, it will reinforce that process, procedure and people are the core components of online security.
Another theme will reiterate that cybersecurity threats and best practices are always evolving. The pieces in this series should be read as a snapshot in time and not as rules written in stone. For example, only last year, the National Institute of Standards and Technology rescinded its 14-year-old recommendations that “strong” passwords should contain numbers and special characters and be changed regularly. Research showed that these practices made accounts less safe. NIST now recommends longer passphrases and only changing a passphrase after a breach.
Adversaries seeking to breach law firms constantly change and improve their practices. To be proactive and secure in a dynamic world, lawyers must adopt a similar mindset.
Join us in the magazine and online throughout 2018 to stay abreast of evolving cybersecurity practices and growing threats. After all, your security is at stake.