Cybersecurity for Law Firms Is No Laughing Matter


Cybersecurity for Law Firms Is No Laughing Matter

How many lawyers does it take to prevent a data breach or a malware intrusion? Just one, the
one who calls Overwatch Technology and lets us handle the rest.

Attorneys have a reputation for being Luddites, those who get dragged into the modern era
kicking and screaming. And results from the American Bar Association’s 2019 Cybersecurity
Report bears this out:

  • Nearly 40% of respondents didn’t know whether their systems were protected from
    viruses and malware
  •  36% had been infected
  • 26% don’t know if they had been affected.

Firm that experienced infections reported downtime to deal with the incident (40%),
consulting fees and remediation (32%) and loss of network access (23%).

Regarding data breaches:

  •  26% reported a breach
  •     19% didn’t know
  •     55% declined to answer the question

Not only is data security good business, it’s also codified in three Model Rules of
Professional Conduct and a Formal Opinion. Rule 1.1 regards “competent representation to a
client.” Comment 8 on the rule says an attorney should keep up with changes in the law and
its practice, “including the benefits and risks associated with relevant technology.”

Rule 1.4 regards client communication, which increasingly occurs through electronic means
that must be kept secure. Rule 1.6(c) is more explicit still: “A lawyer shall make reasonable
efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to,
information relating to the representation of a client.” A comment on this rule weighs
reasonable efforts versus the sensitivity of the information and the cost/difficulty of
employing safeguards. Few would argue that commonplace data security methods used in
other industries would represent either a difficulty or cost challenge.

  • Finally, ABA Formal Opinion 477 says that attorneys may need to employ heightened
    security precautions when required by a client agreement or a law or when the nature of the
    information requires a higher degree of security. Seven factors to consider to determine the
    right level of cybersecurity include:
  • Nature of potential threats
  • How client confidential info is stored and sent
  • Use of reasonable electronic security measures
  • Protecting electronic communications
  • Need to label client information as privileged and confidential
  • Training for lawyers and nonlawyer assistants
  • Due diligence on vendors who provide technology services

Whether you’re a sole practitioner or part of a 500-plus attorney law firm, keeping company
and client information secure should be a core competency. At Overwatch Technology,
helping law firms manage their technology assets and keep their data secure is one of our core

competencies. We help law firms large and small, providing top-notch security at a reasonable price.

What do you have to lose? Only your reputation and the trust of your clients.