Cyber attacks on health data are increasing. Lawyers need to be prepared to be the next line of defense.
It’s not news to anyone to note that cyber attacks are on the rise. Also possibly unsurprising, lawyers aren’t always the fastest to understand new technology. But it’s more important than ever for lawyers to get on board with cyber security, because if they aren’t careful they could be the weak link in a very long, high-profile chain.
Some have said that with lawyers and technology, it’s not a race to be first but a race to be second; no one wants to do things first, but they don’t want to be left in the dust either. There’s a wisdom to this philosophy, as Kenneth Grady of Seytlines points out:
This is not a diatribe against technology, far from it. But, we must recognize – and more people are recognizing – that technology does not advance along a smooth, problem free curve…As such, we could have applications hitting the market that cause intentional or unintentional harm. It is one thing if you lose at Candy Crush when you should have won. It is another if you lose your investments when you should have gained on a sale.
Taking the time to step back and examine your processes and the technology you use isn’t a bad thing, and could save you a lot of time—and potential embarrassment—down the line.
But in this, the age of Ultron, technology is more ubiquitous than ever, and lawyers can’t afford to be so cautious they miss out on the advantage. If you’re not online it’s harder for your clients to verify things about you over your competition—which they increasingly do. Knowing how the internet works (and how you can work it in your favor) is so vital to lawyers these days. Gerry Riskin recently relayed on Amazing Firms, Amazing Practices:
Sam Glover, founder of The Lawyerist, believes that all lawyers must be familiar with the fundamental operating principles of the technology that we use every day. In his opinion, basic knowledge of the internet and how computers work is essential to the maintenance of legal competence as set out in the American Bar Association’s Rule 1.1. – specifically Comment 8, which talks about “the benefits and risks associated with current technology.”
Glover argues that without knowledge of how the internet came into being and how it works, we cannot competently assess the risks to clients and ourselves of various security threats, or even the use of computer functions that have become commonplace – such as working with a cloud.
Obviously, it’s an ambitious proposal. But in a time when cyber attacks have grown 125 percent over the past five years, lawyers can’t afford not to.
Lawyers regularly help clients navigate confidential matters and business transactions. From intellectual property to managing funds to litigation disputes and beyond, countless sensitive documents and information cross the desk (or desktop) of the average lawyer. There’s more ways than ever for data breaches to occur. And with clients potentially stretching across the prominent military, corporate, and energy companies it’s essential that proper care be taken with lawyers’ security.
Though there are laws around data breaches in place in most states, a New York Times article on a report from Citigroup’s cyberintelligence center warned that the reluctance of most law firms to publicly discuss any cyberintrusions coupled with the lack of data breach reporting requirements in the legal industry made it “not possible to determine whether cyberattacks against law firms were on the rise.” But chances are if you’re a major law firm you’ve already been hit in some way.
The bad news for tech holdouts is that the world won’t go backwards; cyber crime will never go away entirely, and as it stands now losses from cyber attacks are estimated at a startling $2 trillion per year. The best way to avoid being part of that unbelievable profit? Getting familiar with cyber defense now.
Of course the advice in Osterman’s Report is not limited to lawyers, these phishing and malware scams affect all industries. Here a 3 of the 8 key takeaways:
- Cybercriminals are getting better, users are sharing more information through social media, and some anti-phishing solutions’ threat intelligence is not adequate. This makes organizations more vulnerable to phishing attacks and other threats.
- Users should be considered the first line of defense in any security infrastructure, and so organizations should implement a robust training program that will heighten users’ sensitivity to phishing attempts and other exploits.
- IT and business decision makers should implement best practices to help users more carefully screen their electronic communication and collaboration for phishing and other social engineering attacks.
Without question these cyberattacks will not abate anytime soon, so every employer should be training employees continuously.
Lawyers can’t afford not to be in the know around technology and cyber security. If they aren’t they won’t just get left in the dust, they’ll get picked apart.