Using the public wifi at your nearby coffee shop might get your client's personal information into the wrong hands.
According to panelist Mike Mooney, senior vice president at USI Affinity, attorneys should use their own device and turn it into a personal hotspot to protect themselves and client data, however good the public wifi is.
This was one of several actionable items the panelists at the Career Development Conference program, "Skills Lawyers Need to Know When It Comes to Cyber Insurance and the New York Shield ACT" advised the audience on January 27 during Annual Meeting.
On July 26, New York's governor signed the "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act, requiring businesses to implement safeguards for the "private information" of New York residents and broadening New York's security breach notification requirements. The security requirements take effect on March 21, 2020. The Attorney General can sue for data breaches or failure to comply with cybersecurity requirements.
Likewise, the American Bar Association Formal Ethics Opinion 477R (May 22, 2017) declared that lawyers are required to make reasonable efforts to ensure their communications are secure and not subject to inadvertent or unauthorized cyber security breaches.
Small businesses, particularly small law firms, are at risk for cyberattacks, comprising more than 60 percent of cyberattacks. Mooney said there are two reasons for this: rich collections of confidential information and law firms aren't always known for being tech savvy.
According to Greg Cooke (USI Affinity), it has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result. "It can take up to six months to realize that you have been attacked," added Mooney. "Small business are targeted for cyberattacks because they lack sufficient resources and in-house knowledge to address cyberattacks."
What to do
Having an extra layer of protection beyond a username and password "(two-factor authentication) is effective. You'll get used to it quickly," said Marian Rice of Garden City (L'Abbate Balkan Colavita & Contini), who co-chairs the Law Practice Management Committee. Rice also suggested that attorneys always do your Windows Security Updates, no matter how busy you are. "It's an easy way to stay up to date and compliant."
Daniel Connolly of Berkeley Heights, N.J. (JDL Group, Inc.) said that lawyers need to encrypt any data involving financial information. "If you are not, you are exposing yourself to risk," said Connolly. "It's not just your data; it's your clients' data."
Clients increasingly demand cyberinsurance, according to Cooke. It does not cover theft of corporate intellectual property or trade secrets, nor does it cover brand damage and loss of future revenue.
Lastly, don't overlook what your fellow lawyers are doing to stay safe. "This is why bar associations are so important because you have a network of people to talk about what you are doing and what steps to take," said Rice.
To keep up with the changing law as ethics require it, visit www.nysba.org/cle.
Vogel is NYSBA's social media and web content manager.