New Cybersecurity Recommendations For Lawyers
March 18, 2021
Here is a recent Daily Record column. My past Daily Record articles can be accessed here.
*****
New Cybersecurity Recommendations For Lawyers
Now that lawyers have been intermittently working remotely over the past year - and may continue to do so in the near future - their ethical obligations relating to cybersecurity practices have taken on a whole new level of importance. That’s why technology competence is paramount in 2021: it is essential for law firm leaders to have a full understanding of cybersecurity issues and how they may affect their displaced workforces, especially since lawyers and other law firm employees will likely continue work remotely at different times throughout the coming year.
The good news is that since the start of the pandemic, a number of different bar associations have provided cybersecurity ethical guidance, with the State bar of Wisconsin most recently weighing in on this issues in Wisconsin Formal Ethics Opinion EF-21-02. In this January opinion, the Wisconsin Bar ethics committee offers advice on a number of different issues related to practicing law remotely, including lawyers’ obligations to secure IT systems, protect confidentiality and communicate securely.
At the outset, the Committee focused on the duty of technology competence, explaining that basic technology competence includes, at the very least, “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”
Next, the Committee turned to its cybersecurity recommendations and emphasized the importance of securing law firm devices and systems by putting into place strong safeguards to provide protection for remote working processes. The guidance included a broad range of cybersecurity issues, including password protection, encryption, data backup, and secure communication.
After providing a brand spectrum of general advice, the Committee then offered extensive list of cybersecurity recommendations. What follows is a truncated version of the cybersecurity best practices covered by that list:
- Require strong passwords to protect data and to access devices.
- Use two-factor or multifactor authentication to access firm information and firm networks.
- Avoid using unsecured or public WiFi when accessing or transmitting client information.
- Use a virtual private network (VPN) when accessing or transmitting client information.
- Use and keep current antivirus and antimalware software.
- Keep all software current: install updates immediately.
- Supply or require employees to use secure and encrypted laptops.
- Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
- Specify how and where data created remotely will be stored and how it will be backed up.
- Save data permanently only on the office network, not personal devices.
- Use reputable vendors for cloud services.
- Encrypt emails or use other security to protect sensitive information from unauthorized disclosure.
- Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
- Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
- Use websites that have enhanced security whenever possible.
- Do not have work-related conversations in the presence of smart devices such as voice assistants.
Certainly, there’s even more advice where that came from, so make sure to read the opinion in its entirety for lots of useful cybersecurity guidance from the State Bar of Wisconsin. And then, take the advice offered to heart and implement any cybersecurity suggestions not yet in place in your firm. Finally, and most importantly of all - maintain technology competence, keep innovating, and stay safe out there!
Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].