Cyber Horror Stories, And What Your Firm Can Do To Avoid Being In One

This ABA Journal article covers largely familiar ground, but puts it succinctly and in one package. It concludes with a range of strategies that law firms would be foolhardy not to at least consider. The article begins with a familiar story, hypothetical but all too plausible: The lawyer gets an email from a client, including an urgent request to take a look at an attached document, and the attachment is duly opened. Two weeks later confidential documents about one of the firm’s litigation projects hit the internet. The client, incensed, fires the law firm and files a lawsuit. The ABA Journal article then catalogs some actual recent cases of high-profile law firm breaches – it’s getting to be quite a long list – and goes on to provide an overview of best practices to avoid being a victim. This includes providing a survey of cybersecurity regulations – state, federal, and industry-specific – as well as best practices, both technological and organizational. Some of the most effective strategies look to be among the most difficult to implement. These include establishing limits on “connectness” within the firm – in other words figuring out who really needs to see what information, and limiting access to various categories of information on that basis – and doing real-time monitoring of the network, so that anomalies are detected and dealt with early.