Research Guides: Legal Technology Tips, Tricks, & Treats 2019: Best Practices for Data Security

Introduction

Four different sections of the rules of professional responsibility touch on the need to secure client information. ABA Model Rule 1.1, which deals with competence; Rule 1.4, which involves communications; Rule 1.6, which covers the duty of confidentiality; and rules 5.1 through 5.3, which focus on lawyer and nonlawyer associations.

The reason cybersecurity is important for attorneys is simple. They handle a lot of sensitive information for their clients and are therefore a target for hackers.

22% of law firms reported that they were victims of cyber attacks or data breach in 2017, and that percentage has been rising.

This guide will focus on the main areas of cybersecurity lawyers need to be aware of to prevent compromising client information.

ABA Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack” (October 17, 2018)
“Data breaches and cyber threats involving or targeting lawyers and law firms are a major professional responsibility and liability threat facing the legal profession. As custodians of highly sensitive information, law firms are inviting targets for hackers. In one highly publicized incident, hackers infiltrated the computer networks at some of the country’s most well-known law firms, likely looking for confidential information to exploit through insider trading schemes. Indeed, the data security threat is so high that law enforcement officials regular regularly divide business entities into two categories: those that have been hacked and those that will be.”

Encryption

Encryption means storing and moving data in a format that is unreadable to anyone who accesses the information improperly.

Virtual Private Networks (VPN)

A Virtual Private Network is a connection method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. When using computers, smartphones, and tablets to work on client materials outside the office, using a VPN allows you to create a secure, encrypted tunnel to a secure internet point, and prevents your work from being intercepted.

Without a VPN, hackers can easily intercept information transmitted over unsecured wifi.

Passwords

Everyone uses passwords to protect their private information, but many also make simple mistakes that open up the possibility of a data breach.

Three simple tips for good passwords are:

Make them hard to guess. Generally, a long password that's easy to remember (think passphrase instead of password), is much harder for a computer to guess than a short, random password.
Make them unique. Even the hardest to guess password is useless if a service you use gets hacked and it's released into the wild. As soon as usernames and passwords are hacked from one company, hackers go to work trying them on other targets, so use a password manager to keep track of unique passwords for every site.
Make them one of several factors. When possible, use two-factor authentication so that even if a hacker gets your password, they can't use it without also having your phone or some other identifying feature.

More Resources

The ABA Cybersecurity Handbook by Jill D. Rhodes (Editor); Robert S. Litt (Editor); American Bar Association, Cybersecurity Legal Task Force Staff (Contribution by)
Call Number: KF318 .A7518
ISBN: 9781634259798
Publication Date: 2019-05-07
Law Firm Cybersecurity by Daniel B. Garrie; Bill Spernow
Call Number: KF318 .G37
ISBN: 9781634257008
Publication Date: 2017-12-07
Cybersecurity for the Home and Office by John Bandler
Call Number: KF390.5.C6 B34
ISBN: 9781634259071
Publication Date: 2018-09-07
Locked Down by Sharon D. Nelson; David G. Ries; John W. Simek
Call Number: KF320.A9 N45
ISBN: 9781634254144
Publication Date: 2016-08-07