Cybersecurity And The Realities Of Practicing Law In 2018

Responding to cyberattacks is an unfortunate part of practicing law in the 21st century now that breaches are an inevitable reality.

Cybersecurity is a hot topic for lawyers in 2018. It’s discussed often, both online and off, and cybersecurity sessions are always well attended at legal conferences. So it was no surprise that it was the focus of this year’s Futures Conference in Boston (which I attended on a press pass), since the conference is put on by the College of Law Practice Management, an organization whose members always seem to be on the cutting edge of what’s trending in the legal technology space.

The Futures conference is held annually and each year it has a different theme. This year’s topic was particularly timely given the many well-publicized data breaches that have occurred — and affected millions and millions of people — since last year’s conference on artificial intelligence.

Of note was a theme that quickly emerged and was oft-repeated throughout the conference: Breaches are simply a fact of life and are inevitable. During the second session, this concept was highlighted by the following Robert Mueller quote:

“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be again.”

Given the realities of the potential for a breach in 2018, you shouldn’t be surprised to learn that one of the statistics shared during the conference was that one third of law firms with 10-99 lawyers suffered from a cyber breach in 2017.

According to the speakers, email is the weakest link for many law firms, with phishing emails being one of the most common types of hacking encountered by lawyers. Another type of email scam that is increasingly prevalent and that firms should be aware of is pretext emails, which occur when a person uses the email address of another and pretends to be that person. These incidents have occurred five times as often this year than last.

An example of this type of scam was widely reported over the past year and involved real estate transactions. Real estate lawyers were warned to be aware of last-minute emails purportedly from opposing counsel wherein there was a change in the information relating to the deposit bank account for the transaction. In the vast majority of these cases, a criminally motivated third party had inserted themselves into the email chain, and sent emails which, at first glance, appeared to be from one of the attorneys to the transaction. Unfortunately, in many of these cases, funds were often transferred prior to the fraud being detected.

Sponsored

The speakers explained that hacking is committed by a number of different parties ranging from lone hackers and cybercriminals to nation states and terrorists. In other words, the motivations for the hacking vary but the end result is the same — your law firm’s data is compromised.

So if a breach is inevitable, what’s a law firm to do? The short answer: In addition to taken preventative measures, have a cyber response plan prepared in the event of a breach.

During the first session, this concept was adeptly illustrated via this quote from Bruce Schneier, a well known security expert:

“You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”

In other words, responding to cyberattacks is an unfortunate part of practicing law in the 21st century now that breaches are an inevitable reality. In fact, as shared during the second session at the conference, it is predicted that by 2020, 60 percent of businesses’ technology budgets will be devoted to detection and response.

Sponsored

Remediation involves a lot of moving parts within a law firm.  As the speakers emphasized throughout the conference, the key is to ensure that the various departments — including management, finance remediation, and the PR and  IT teams — coordinate both their internal response and all external communication.

For more on how to prepare for and remediate a cyber breach, make sure to read this article from the Michigan Bar Journal: What To Do When Your Data Is Breached. It provides an overview of the cybersecurity issues faced by law firms and covers incident response plans and actions for law firms.

The bottom line: Be careful — it’s a jungle out there! Ignoring the realities of cybersecurity in 2018 isn’t an option, so do the responsible thing and face it head on. Cyber thieves are lying in wait and your firm may be their next target. So make sure that your law firm is prepared both in terms of taking steps to prevent a cyberattack and responding when — not if — a breach occurs.


Niki BlackNicole Black is a Rochester, New York attorney and the Legal Technology Evangelist at MyCase, web-based law practice management software. She’s been blogging since 2005, has written a weekly column for the Daily Record since 2007, is the author of Cloud Computing for Lawyers, co-authors Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York. She’s easily distracted by the potential of bright and shiny tech gadgets, along with good food and wine. You can follow her on Twitter @nikiblack and she can be reached at niki.black@mycase.com.

CRM Banner