Lawyers Must Do More to Protect Cybersecurity
FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the Internet.
Lawyers should know how to protect information belonging to their firms and their clients, right? Well, perhaps they can do a better job, according to The Wall Street Journal. Indeed, it’s now more important than ever for lawyers’ cybersecurity skills to get up to speed.
According to the article, hackers intent on insider trading may target attorneys who handle merger and acquisition transactions. They could put links in text messages that, when clicked on smartphones, activate malware that could log keystrokes and record phone conversations.
As a result, lawyers who rely on mobile devices (practically all lawyers these days) need to take precautions such as encrypting messages and not using Wi-Fi connections, which can be vulnerable to information compromises.
In addition, at least one Los Angeles law firm received emails that indicated that they were from law firm members, The Journal reports. However, they actually were Trojan emails that were intended to lift data from the firm’s computers. The emails were traced to servers in China.
Cyberattacks against law firms are apparently on the rise, putting lawyers’ cybersecurity at risk. It is not entirely clear how pervasive the problem is, as law firms are reluctant to publicly reveal when they’ve been hacked. Nevertheless, the concern in this area is real. Attorneys are charged with the responsibility of protecting as sacrosanct the privileged and confidential information of their clients. They therefore need to be sensitive to cybersecurity risks that concern not only their firms, but also their clients.
Perhaps not surprisingly, some bar associations are encouraging attorneys to take appropriate technological steps to protect client information as part of their ethical duties. And the ABA may come to the table soon as to whether a lawyer’s cybersecurity obligations should be incorporated into the model rules of professional conduct.
Stay tuned and be careful out there.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (https://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is https://www.sinrodlaw.com and he can be reached firstname.lastname@example.org. To receive a weekly email link to Mr. Sinrod’s columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.