The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Law Firms

  • From Vol. 3 No.8 (Apr. 19, 2017)

    What In-House and Outside Counsel Need to Know About ACC’s First Model Cybersecurity Practices for Law Firms

    The publicized breaches of major law firms last year served as a wake-up call for the legal industry, signaling the importance of having effective cybersecurity measures in place. On the heels of these breaches, the Association of Corporate Counsel released a set of model cybersecurity practices to help in-house counsel set expectations with respect to the data-security practices of their outside counsel and serve as a benchmark for best practices. But how realistic are those guidelines? Justin Hectus, the CIO and CISO of Keesal, Young and Logan, told The Cybersecurity Law Report that “the reality is that it’s a buyer's market right now in legal. If a law firm is not willing to do these kinds of things in order to keep the clients’ data safe, then another firm will be willing to do it, as there are plenty of firms that take these steps even absent client pressure.” We analyze the guidelines’ recommendations with input from Hectus on the practicality of their implementation. See also “Eight Attributes In-House Counsel Look For in Outside Cybersecurity Counsel” (Jun. 8, 2016); and “How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients” (Mar. 30, 2016).

    Read Full Article …
  • From Vol. 2 No.17 (Aug. 24, 2016)

    Fulfilling the Ethical Duty of Technology Competence for Attorneys

    Rapidly evolving technology continues to change what it means for a lawyer to be competent. The Model Rules of Professional Conduct make clear in a 2012 amendment to Comment 8 of Rule 1.1 that lawyers not only have a duty to be knowledgeable of the substantive areas of law in which they practice but also to be competent in technology. At least 23 states have adopted the revised comment, and other states that have not formally adopted the rule change have nonetheless acknowledged the duty of technology competence for lawyers. A practitioner who is not technologically competent faces potential sanctions as well as malpractice and disciplinary exposure. BakerHostetler partner Karin Scholz Jenson and retired Magistrate Judge John Facciola spoke with The Cybersecurity Law Report about specific steps lawyers can take to achieve technology competence in various aspects of their practice. We also highlight some of the insight shared on the topic by other legal experts at a recent PLI panel, “Law Firms, Ethics and Cybersecurity.” See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two)” (Aug. 26, 2015); Part Two (Sep. 16, 2015).

    Read Full Article …
  • From Vol. 2 No.7 (Mar. 30, 2016)

    How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients

    Law firms store a wealth of sensitive and confidential information electronically, making them prime targets for hackers. Not only does weak data security affect business development and client retention for firms, but can result in legal and ethical violations as well. How can firms meet clients' increasing data expectations? How can clients determine how robust their current and potential firms’ systems are? What mistakes are law firms making? John Simek, vice president and co-founder of cybersecurity and digital forensics firm Sensei Enterprises, Inc., answered these and other questions about law firm data security in a conversation with The Cybersecurity Law Report. See also “Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment” (Jun. 17, 2015).

    Read Full Article …
  • From Vol. 1 No.12 (Sep. 16, 2015)

    How the Legal Industry Is Sharing Information to Combat Cyber Threats

    “There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners,” President Obama said earlier this year.  Private efforts and proposed legislation are promoting increased information-sharing within industries, across sectors and between industry and government, and assuaging fears companies may have about participating.  The legal industry is working with Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit organization founded in 1999, to establish its own group, the Legal Services Information Sharing and Analysis Organization.  Cindy Donaldson, FS-ISAC’s vice president of products and services, discussed with The Cybersecurity Law Report how the organization, which is also working with the real estate and retail sectors, operates.  See also “Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015).

    Read Full Article …
  • From Vol. 1 No.12 (Sep. 16, 2015)

    Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part Two of Two)

     

    As technology advances – changing the way lawyers communicate with clients and store and use sensitive information – lawyers’ ethical obligations must evolve to keep up.  Addressing technology issues through a legal ethics prism, panelists Pamela A. Bresnahan, a senior partner at Vorys, Sater, Seymour and Pease; and David J. Elkanich, a partner at Holland & Knight, discussed the ethical issues that lawyers face when using technology in their practices, and the practical steps lawyers can take to prevent or mitigate these risks.  This second article in our two-part series covers ethical guidance for attorneys in the realm of social media.  The first article discussed application of ethical rules to technology and the proper use of cloud technology and mobile devices.  See also “Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015).

    Read Full Article …
  • From Vol. 1 No.11 (Aug. 26, 2015)

    Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two)

    Lawyers often don’t think about the ethics rules as applied to their conduct online or through the use of technology, panelists said at a recent conference hosted by PLI’s TechLaw Institute.  But as technology advances and continues changing the way lawyers practice, the ethical obligations of lawyers have also evolved in light of the new ways that practitioners communicate with clients, and store and use sensitive information.  Addressing technology issues through a legal ethics prism, panelists David J. Elkanich, a partner at Holland & Knight, and Pamela A. Bresnahan, a senior partner at Vorys, Sater, Seymour and Pease, discussed the ethical issues that lawyers face when using technology in their practices, and the practical steps lawyers can take to prevent or mitigate these risks.  This article, the first of our two-part series, covers ethical rules as they apply to technology and the proper use of cloud technology and mobile devices. The second part will cover ethical guidance for attorneys in the realm of social media.  See also Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” The Cybersecurity Law Report, Vol. 1, No. 5 (Jun. 3, 2015).

    Read Full Article …
  • From Vol. 1 No.6 (Jun. 17, 2015)

    Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment

    Law firms constantly handle sensitive information, often in digital form, and, as Jennifer Topper of Topper Consulting explained in “Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients,” defending against cybersecurity threats presents particular challenges to law firms and their service providers.  Corporate clients should understand how their law firms handle data.  In this article, Topper provides a non-technical questionnaire corporate clients can use to obtain and assess that information from law firms as well as from other vendors.

    Read Full Article …
  • From Vol. 1 No.5 (Jun. 3, 2015)

    Understanding and Addressing Cybersecurity Vulnerabilities at Law Firms: Strategies for Vendors, Lawyers and Clients

    Handling and discussing sensitive and confidential information is an essential aspect of law practice.  But, defending against cybersecurity threats attached to the increasing digital form of such information presents particular challenges to law firms and their service providers.  In a guest article, Jennifer Topper of Topper Consulting explores cybersecurity vulnerabilities at law firms that service providers often do not understand; structural and operational obstacles to addressing those vulnerabilities; and steps that law firms are taking, as client pressure increases, to address this critical issue.  In a subsequent issue of The Cybersecurity Law Report, Topper will provide a non-technical questionnaire corporate clients can use to help understand the data security at the law firms they use.  See also “How Can a Company Mitigate Cyber Risk with Cross-Departmental Decisionmaking?,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

    Read Full Article …