Whether you’re a legal administrator, office administrator or managing partner in your law firm, you need to lead the charge to create awareness around data privacy for lawyers in your firm. Examining the reasons behind cyber insurance claims, the numbers reveal that the biggest threat accounting firms face is internal — the lack of training among its employees and contractors.
In September of 2017, Deloitte, one of the Big Four accounting firms, revealed that the company was a victim of a cyber attack. While no extensive details were announced about the attack, it prompted Deloitte to start “implementing its comprehensive security protocol and initiating an intensive and thorough review.” The need for data privacy for lawyers who are running accounting firms, especially those who employ lawyers, is highlighted with these recent threats. It’s a constant threat forcing accounting firms to be vigilant.
How prepared are you for these hacking attacks as a law firm?
Why Onboarding Lawyers Reiterated The Need For Data Privacy For Law Firms
Following a trend in Europe, US accounting firms started recruiting lawyers in 1999 to expand the services they could offer to their clients. This prompted the American Bar Association to create the Commission on Multidisciplinary Practice to probe how professional service firms ran by accountants are providing legal or legal-like services to the public.
Data Privacy For Lawyers: More Services = More Data To Protect
Hiring lawyers allowed accounting firms to offer more services such as employee benefits consulting, and estate, business and tax planning. This also meant accounting firms began to become custodians of a large amount of confidential data. As a response, the American Bar Association (ABA) updated its Model Rules of Professional Conduct to include “technology amendments.” These changes provide advisory rules for managing client data.
If you’re a lawyer, it’s important that you uphold the following suggestions from the American Bar Association to prevent incurring fines and regulatory penalties.
Any strategy involving data privacy for lawyers starts with a full understanding of the motivations as to why hackers target lawyers. There are two primary reasons behind cyber attacks aimed at lawyers and law firms according to the ABA:
1. They obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client
2. The information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client
Lawyers are a constant target among cyber felons so bringing them on board also increases the risk of a data breach in your firm. If you want to learn about the basics of cybersecurity, watch the recap of our webinar: Cyber Fortress – Data Protection For Your Business. This is especially important if you work with proprietary information in sensitive industries such as education, defense, banking, healthcare, industrial designs, and mergers and acquisitions.
Data Privacy For Lawyers: Provider Competence — Your Office Administrator Has Your Back With Selecting A Managed Service Provider
Under its Model Rules of Professional Conduct, the ABA requires lawyers to provide competent representation to a client. Specifically, the ABA recommends:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…
As a best practice in data privacy for lawyers, make sure that if you’re a legal administrator or a managing partner that the lawyers in your firm have a clear understanding of how confidential, private, and sensitive data is stored and shared. Understanding how client data is accessed and moved will educate your lawyers on the different vulnerabilities that hackers can exploit.
Your office administrator is responsible for picking competent IT partners who understand the legal industry and are on the cutting edge of technology trends, threats and technology to improve your business’ efficiency.
Watch Out For In-House “IT Guy” Support: Avoid The 100% Reactionary Bandwagon
Have an in-house “IT guy” who you call when things are breaking or not working? Careful. Consider this: Working with an outsourced, dedicated managed IT support services team means you’re with a technology partner who is dedicated to running an efficient business as well, rather than a single (or few people) on an in house team who are salaried for 100% reactive support. Don’t get caught in the reactive IT support trap.
Theodore F. Claypoole, a partner at Womble Carlyle Sandridge & Rice, LLP, in Charlotte, North Carolina, explains the role lawyers play in data security:
Attacks on client business will continue, and some will be successful. The lawyer’s job should be to prepare a client not only to fight these attacks but to manage expectations and prove the logic of its plans when an incident turns into a data exposure. Lawyers are risk management professionals, and data security is an act of risk management.
That leads us to the next question…
Should Legal Administrators, Office Administrators, or Partners In Your Law Firm Take The Lead In Data Protection?
A lawyer’s expertise on cybersecurity starts and stops with the legal and regulatory elements involved. However, they are not responsible for the actual procurement of the infrastructure and implementation of cybersecurity technology in your accounting firm. In fact, letting lawyers in your staff take the lead in cybersecurity is not advisable.
Whether you’re a legal administrator, office administrator or managing partner in your law firm, the bottom line is SOMEONE needs to lead the charge to create awareness around a data protection strategy for your law firm. Examining the reasons behind cyber insurance claims, the numbers reveal that the biggest threat accounting firms face is internal — the lack of training among its employees and contractors. Ultimately- if you are a lawyer your energy is probably best served on your clients and cases on the table, and letting your office administrator know your concern gets the conversation started.
Data Privacy For Law Firms: Partnering With An MSP For An End-To-End Cybersecurity Management
The reality is not all firms would have the capacity to hire an entire IT team to manage cybersecurity initiatives — from technology acquisition, employee training, treat monitoring and assessment, business continuity, and IT support. Unexpected overages can quickly send your IT budget through the roof.
Enter the expertise of a managed services provider (MSP).
Outsourcing your firms IT and cybersecurity needs to a third party may sound expensive, but numerous firms have found this strategy to be cost-effective. With a managed service provider, your firm can roll out a stronger data privacy protection system in place, as opposed to hiring an in-house IT team.