In the 1990s and the earlier part of the last decade, computer security problems were mostly attributable to internal failings (mistakes in computer configuration, accidental loss of laptops, and some employee malfeasance), and to a lesser extent, malicious actions by outsiders. Most of these early security failures had limited impact. Back then, there were few organized, systematic, or sophisticated attacks on corporations’ computer security, and legal exposure, including that of law firms and other practices, seemed entirely absent and unlikely. There was some complacency with the sense that most cyber attacks were against the government, rather than specific corporations or law firms. This has changed. The most recent Verizon Data Breach Investigations Report notes that security losses due to insiders or loosely organized groups are now dwarfed in size by the actions of organized groups using highly sophisticated and effective tools.

Worse, law firms, government law departments, and other similarly situated organizations have become prime targets. Lawyers have limited resources to dedicate to computer security, may not have a sophisticated appreciation of the associated technology risks, and lack an instinct for cybersecurity. Lawyers have become “soft targets in the hunt for insider scoops on mergers, patents, and other deals.” At the same time, law firms may not only be soft targets, they may also be attractive targets — if they are known to have a large corporate client base, an attacker may be drawn to them, like a bee to honey. While the corporate clients themselves may have sophisticated computer security defenses, their law firms’ defenses are probably weaker. And once inside a law firm’s defenses, the intruder likely has access to all of the firm’s client information.

The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals provides practical cyber threat information, guidance, and strategies to lawyers and law firms of all sizes. The guide considers the interrelationship between lawyer and client, establishing what legal responsibilities and professional obligations are owed to the client in the event of a cyber attack. The book provides strategies to help law firms defend against the cyber threat, and also offers information on how to best to respond if breached.

The practicePRO Lending Library is a free resource for Ontario lawyers of more than 100 books on a wide variety of law practice management related topics. You can see a full listing of our books here. You may borrow a book in person or via e-mail.

The practicePRO Library is located in our office at 250 Yonge Street, Suite 3101 in Toronto and can be visited during our regular business hours (Mon to Fri, 8:30 to 5:00). We invite you to come by anytime (please email in advance)to peruse our selection. All titles in the practicePRO Lending Library can be shipped to Ontario lawyers at our expense, and returned at yours after three weeks.

If you would like to borrow this or any other book please email us. Most of our titles are also available from the American Bar Association Web Store or the major booksellers here in Canada.

Categories: Fraud Prevention