During the month of August alone, the Center for Strategic & International Studies recorded nine cyber attacks that targeted government agencies and/or high-tech companies or caused an economic loss of more than one million dollars. As of May 25, 2021, according to the Health Sector Cybersecurity Coordination Center or HC3, there had been 82 ransomware incidents that affected the healthcare sector worldwide. Colonial Pipeline suffered a ransomware attack in late April that had a profound impact on the critical infrastructure system of the United States. As cyber attacks and ransomware attacks become more prevalent, it is incumbent upon businesses, large and small, to take immediate steps to reduce their risk of falling prey to cyber criminals and hackers.
Read more2021 Cybersecurity Legislation Compiled by the National Conference of State Legislatures
According to the National Conference of State Legislatures (NCSL), so far in 2021, “At least 44 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity.” In Texas, there have been 27 bills related to cybersecurity this legislative session, three of which have been signed by the governor to date.
Read moreLatest & Greatest – The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals
The Law Library’s newest addition to its Legal Tech Collection is The ABA Cybersecurity Handbook. Sponsored by the ABA’s Cybersecurity Legal Task Force, The ABA Cybersecurity Handbook strives to provide attorneys and business professionals with an overview of the many aspects of cybersecurity and some practical considerations in the event of a cyber breach.
The book begins with some background for aid in understanding a cybersecurity threat and its attendant risks. The writers provide examples of the most common threats and how law firms can address them. There is also an explanation of the cyber network, its organization, and potential threats, and how defensive systems work and respond to perceived threats. There is a discussion of the lawyer’s obligation to provide data security under the ethics rules and ABA formal opinion 477R and some advice as to when the lawyer should discuss the issue of cybersecurity with her client. The book concludes with some best practices for becoming prepared through international business community management system series of standards and the international information security management system series of standards. The authors also address the cyber-related challenges faced by large law firms, solo practitioners and small firms, in-house counsel, government lawyers, and public interest attorneys.
No one is immune from the increasing number of cyber threats and breaches and the confidential data that can be targeted in these attacks. The cost of being prepared is minimal compare to the cost of corrupted data and loss of trust. The ABA Cybersecurity Handbook can help you become better prepared.
Other titles on this topic include: Encryption Made Simple for Lawyers, Locked Down: Practical Information Security for Lawyers, and Technology Tips for Lawyers and Other Business Professionals.
New On-Demand Video CLE: Practical Cybersecurity for Lawyers
The Legal Tech Institute at the Harris County Law Library has just released a new video CLE. Practical Cybersecurity for Lawyers is the latest addition to our Learning On-Demand CLE library, where you can earn CLE credit in Texas while staying up to date on legal tech. Visit the Law Library's Legal Tech Institute page for more on our legal tech learning opportunities.
WannaCry and the Risks of Not Protecting Client Data
Friday's massive cyber attack exposed the fragility of our IT infrastructure and reminded us to aggressively fortify our digital vaults. The WannaCry ransomware that has taken down computers across the globe is causing perhaps the most prolific cyber attack to date, and it is expected to get worse.
Protecting your personal data is important, but securing the privileged information entrusted by clients is absolutely essential. From solo and small firm practitioners to large legal and business institutions, the need for data protection is a real concern. According to BakerHostetler's second annual Data Security Incident Response Report, phishing/hacking/malware accounted for 43% of all 2016 cybersecurity events at the more than 450 institutions they examined. Ransomware was the biggest development of last year accounting for 23% of all network intrusion incidents at the companies represented in the study, and the attacks show no sign of abating. Last week's WannaCry incursion is just one example of this growing threat.
Fortunately, the BakerHostetler report provides a broad range of lessons for identifying threats and mitigating risks. It advises firms to establish best practices for "compromise readiness."
- Focus on the basics.
- Develop education and awareness programs.
- Implement data inventory and risk assessment procedures.
- Share threat warnings with those in your firm.
Suggested further reading:
- Law Firm Cybersecurity (2017) -- ABA Book Publishing / Solo, Small Firm and General Practice Division
- Will Ransomware Attack Make Law Firms ‘WannaCry’? (May 15, 2017) -- The American Lawyer
- Law Firms Must Manage Cybersecurity Risks (May 2, 2017) -- ABA Journal
- Preparing for Ransomware Attacks: Your Company is a Target (April 3, 2017) -- Nine steps to getting prepared
- The Ransomware Epidemic in Law Firms (February 10, 2017) -- Legal Technology Today podcast
- Protecting Yourself from Ransomware and Cyber-attacks (Sep/Oct 2016) -- ABA GPSOLO