Attorney-Client Privilege Is at Risk for Law Firms

Lawyers build their professional relationships with clients on the understanding that whatever they discuss will remain confidential.  This promise is being tested and broken every day by cyberattacks.

Today’s cybercriminals are gaining unauthorized access to law firm clients’ sensitive information at alarming rates. Since law firms operate as a repository of sensitive information, from proprietary trade secrets to personal data such as social security numbers and medical information, they have become prime targets for cyberattacks.

A single breach can lead to costly litigation and loss of client trust.  Law firms are at risk of legal malpractice allegations due to poor cyber security, making cyber security the biggest issue facing the legal industry today.

In response to this increasing threat, in May 2017, the American Bar Association (ABA) Standing Committee on Ethics and Professional Responsibility issued Opinion 477. This opinion addresses securing the communication of protected client information, where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access.

In October 2018, the ABA Standing Committee on Ethics and Professional Responsibility issued Opinion 483, which outlines a lawyer’s obligations after an electronic data breach or cyberattack.  The introduction to this opinion states, “the data security threat is so high that law enforcement officials regularly divide business entities into two categories: those that have been hacked and those that will be.”

Today, law firms must adopt a “breach mentality.”  Protecting your firm against cyberattacks is not a one-and-done job – it requires never-ending vigilance.

Follow these steps to create a framework that your firm can implement to prevent a cyberattack.

1. Audit

Perform an audit to identify which law firm policies are or are not working.

2. Well-trained Staff

It takes only one click in an e-mail to fall victim to a phishing scam. Educate employees on the dos and don’ts. Also, have an incident response plan in place.

3. Control Access

Set up user-based permissions and access controls.

4. Encrypt All Confidential Information

5. Update Your Operating Systems to Fix Vulnerabilities

For more information, view this video and contact Charles Leach.

Video: Protecting Law Firms from Cyberattacks