Dear Doc:I’m an attorney, and like most other lawyers, I went to law school because just the thought of taking organic chemistry in college gave me the dry heaves. Now the state Supreme Court has added a new rule that all lawyers have to follow. That rule says, “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
“Relevant technology” is the part that scares me to death. If Equifax, Deloitte, and other major corporations can’t stop the hackers, how am I supposed to understand, let alone deal with the “risks associated with relevant technology”? Please say that there is a way.
Signed,
Anonymous, Esq.
Dear A:
Like any other business professional, you probably use a great deal of technology because it makes your work faster, easier and more profitable. The new rule j(Rule 1.1, Comment #8) just balances all of those “benefits” with the downside “risks” that you’ve been ignoring. The legal profession has a special responsibility to safeguard our clients’ information, which they entrust to us in order to permit us to advise them. Because law firms and corporate legal departments use and store a lot of important and valuable information, but have been very slow to implement even simple measures to prevent hacking, lawyers have become, for cybercriminals, sitting ducks. Over the past few years, law firms have been hacked, losing sensitive client data, and millions of dollars to online criminals, but rarely admitting that they have been victims. Fortunately, the profession is SLOWLY changing for the better.
You see, A, clients have been reading about hacking incidents, and have started to demand that their information be protected by their attorneys, accountants, and other advisors. You now have a legal duty to “come up to speed” and more importantly, to do something about that old Windows XP laptop you still use (like run it over with your car!) You need to figure out how to use two-factor authentication, strong passwords, encrypted storage, digital certificates, biometrics, and automatic patches, and if any of those things sound like gibberish to you, you need to get educated. Fast.
Clients are asking their lawyers about how they secure their systems. The Doc himself uses full disk encryption, offers to encrypt email messages, has multiple firewalls, malware scanners, and uses the latest software, automatically kept up to date to counter newly discovered online threats. He never clicks on emails that are suspicious, and never opens files that come from untrusted sources or that have not been scanned for malware. He advises his clients to use the same level of paranoia. After all, just because you’re paranoid, it doesn’t mean that they’re NOT out to get you!
Want to learn more? Just ask the Doc. He’ll scan your email, and if it’s clean, you’ll get some great tips on cybersecurity. The Doc has even been teaching lawyers and their staff members about cybersecurity. Want to protect your intellectual property with patents, trademarks, copyrights, trade secrets, licenses, and other legal gibberish? Ask any atttorney at LW&H. They’re great at that stuff, too.
Until next month’s gigantic cybercrime hits the front page, keep on clicking those Nigerian emails…
The Doc