How Are Lawyers Supposed To Have More Security Than HBO?
Here’s some information to help you keep your ethical duties to your clients.
I don’t know for sure, but it’s safe to say that HBO has a better IT department and more hacking safeguards than the Law Office of Jeff Bennion. They have more resources to throw at security. They have more money to throw at ransomware attacks and upgraded security protocols. Yet still, I’ve spent the last few weeks trying to dodge spoilers of Game of Thrones stemming from a series of hacks of HBO’s Twitter account and servers. So, what am I supposed to do? What are any of us lawyers who don’t have unlimited resources and time supposed to do? Not put stuff in the cloud? Lock documents in doomsday bunkers? Not have any documents? Here’s some information to help you keep your ethical duties to your clients, keep your reputation, and keep your doors open (without breaking the bank).
What is the Standard?
What is the standard we are supposed to use to keep our documents and client information safe? The actual language will vary from state to state. Here in California, the language is found in our Business and Professions Code: “To maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client.” In other words, I have to try my absolute best. California, along with almost half of the states, has issued ethics opinions stating that attorneys can use the cloud. So far, no state has said attorneys cannot. Again, the security standards that lawyers are held to vary from state to state, but all pretty much revolve around a reasonable person standard. The way I see it, if most people can run a mile in eight minutes and I run a mile in eight minutes, that’s reasonable. But, if I could run a mile in seven minutes if I absolutely killed myself, that is “at every peril to myself,” which I interpret as a higher standard. Regardless of what the language is of your state, you should always push yourself as hard as you can and leave no stone unturned when it comes to the security of your files. You do not want to be saying after a hack, “If only…”
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Don’t Make Unnecessary Copies of Things
I know this might sound like an absolute blasphemy to lawyers, but you do not need to make a working copy set of records for everyone in the office, whether it’s electronic files or paper files. On cases where I coordinate with other people who are also paperless, we review and annotate PDF files in Adobe Acrobat. Our initials are left to our comments, so we can see who wrote what. When we get ready to make a production set for trial or to produce in discovery or give to an expert, you can just print the document to PDF and select from this dropdown “Document” instead of the “Document and Markups” default setting. That will make a clean set.
If you are using paper, every copy that you make is one more copy that you have to keep track of. Is it being disposed of in the recycle bin instead of the shredder bin? Who has made a copy of that copy?
Sponsored
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
Store Confidential Records Differently
Certainly, your ex parte application for an order shortening time to bring a discovery motion deserves less cybersecurity resources than your client’s tax returns/medical records/merger info/etc. There are a number of things that you can do to add an additional layer of security to client docs as opposed to your pleadings or discovery folders. Since there are limited times that you might need to access those documents, such as when opposing an MSJ, or when preparing for a depo or for trial, try zipping entire folders of client docs with a file archiving program like WinRAR, which lets you add a password to your archived files.
Don’t use the same password for each file, use some naming convention other than the case name or billing number. For example, if it’s the Smith case, try making the password with the first letter at the end, like mithStaxfiles, or make the first letter one key to the left like Amithtaxfiles. That way, you can have a different password for each folder of records in each case.
Secure all Storage
Goes without saying, but unfortunately, it needs to be said. Use encryption software on USB drives. Use passwords on your computers. Set your computers to require a password when the screensaver turns on after five minutes of inactivity. Use multifactor authentication on your cloud services, including email if you can. Use a password manager so you are not recycling the same password for each site.
Sponsored
The Business Case For AI At Your Law Firm
Legal AI: 3 Steps Law Firms Should Take Now
Conclusion
You don’t have to be perfect in your cybersecurity. Perfection is like counting to infinity — it’s unachievable, so most people just give up. Instead, strive to do the absolute best that you can, including doing more research on other things you can do to protect your files.
Jeff Bennion is a solo practitioner at the Law Office of Jeff Bennion. He serves as a member of the Board of Directors of San Diego’s plaintiffs’ trial lawyers association, Consumer Attorneys of San Diego. He is also the Education Chair and Executive Committee member of the State Bar of California’s Law Practice Management and Technology section. He is a member of the Advisory Council and instructor at UCSD’s Litigation Technology Management program. His opinions are his own. Follow him on Twitter here or on Facebook here, or contact him by email at jeff@trial.technology.
