Byte of Prevention Blog

by Jay Reeves |

Do You Have a Hacker on Your Payroll?

Pin on Pinterest Share on Google+ Share on LinkedIn

do you have a hacker on your payroll?The biggest threat to your firm’s computer security is probably not some shadowy hacker on the other side of the globe.

It is more likely a trusted employee just across the hall.

“The single biggest threat is people inadvertently bringing down a virus from outside or through a phishing scheme,” says one law firm cyber-specialist. “You can never tell your workforce enough ‘don’t do this’ or ‘don’t do that.’”

It’s probably not terribly reassuring to consider the fact that your worst cyber-nightmare might well be on your payroll. But it should be. That’s because it is easier to combat local, identifiable threats than distant, anonymous ones.

Take a look at the main areas of law firm vulnerability, courtesy of Philadelphia data privacy lawyer John F. Mullen:

  • An employee downloads a virus.
  • An employee clicks on a link in a suspect email.
  • An employee loses an unencrypted laptop loaded with sensitive information.
  • A law firm vendor with access to client information is breached.
  • A foreign hacker taps into law firm info.

Only the last scenario involves an unknown agent. All the others involve known – and therefore controllable – agents.

Keeping Your House Clean

So how to make sure the next Edward Snowden is not lurking in your break room?

Start with common sense. Hire good people. Screen them carefully. Use professional headhunters and professional staffing services to do the vetting for you.

Here are some other suggestions:

  • Be vigilant. Cyber-risk is real. Just look at recent headlines. Target, Barnes & Noble, Google, J.P Morgan – and countless others that haven’t made the news – have been victims of massive data breaches. And it is not just mega-corporations. Anyone with a computer and an Internet connection is vulnerable.
  • But don’t panic. Read enough articles on cyber-liability and your hair will burst into flames. You will start stocking up on legal pads, batteries and bottled water. You will hole up in your office, disconnect the modem and never boot up again. Relax. While the risk is real, it is neither inevitable nor rampant. Many of the most terrifying “hackers are everywhere” articles are written by vendors that have a financial interest in ratcheting up your fear.
  • Know your vulnerabilities. International transactions, multiple parties and big bucks flowing online are all risk factors. So are branch offices, e-banking and outside vendors. Some software programs are more susceptible to hackers than others. Identify your weak spots – bring in a cyber-consultant if necessary – and shore them up.
  • Develop a data security policy. Are employees allowed to use work computers for personal email? Can they take laptops and other devices home? Who has access to passwords? How often are the passwords changed? Is there a chain of command for reporting potential problems?
  • Put your policy in writing. Explain it to everyone and make sure they’re on board. Encourage feedback and questions. Follow up to ensure adherence to protocols and procedures. Revisit your plan regularly to keep pace with changes in technology.
  • Call in a pro. A legal technology consultant might have answers to questions you don’t even know to ask. Some firms even hire experts to conduct security audits – in effect, inviting cyber-sleuths to try to hack into their own systems to expose soft spots.
  • Don’t overlook physical security. How easily can strangers enter and leave your office? Must visitors sign in? Do you have private security? Cameras?

The Confidence Game

Rule of Professional Conduct 1.6 prohibits unauthorized disclosure of confidential information. This rule applies not just to what your client tells you but all information acquired during the representation, regardless of the source.

  • Comment [17]: A lawyer must act competently to safeguard information acquired during the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision.
  • Comment [18]: When transmitting a communication that includes information acquired during the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the client's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.

How Safe Are You?

What data security steps are you taking? What works and doesn’t work? We’d love to hear from you.

Source: The Legal Intelligencer http://www.thelegalintelligencer.com/id=1202646262515/Law-Firms-Prime-Data-Security-Threat-Their-Own-Employees?slreturn=20140810190207

Jay Reeves a/k/a The Risk Man is an attorney licensed in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. Contact jay.reeves@ymail.com.

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More