Mark Dubois Mark Dubois

Apparently October is Cyberattack Awareness Month. Who knew?

All I know is that every day is cyberattack day, because every day we are probed/attacked/offered malware/sent viruses and worms/socially engineered and in many, many ways explored for vulnerabilities which can lead to data breach, ransom demands and compromised confidentiality.

There’s a neat flyer that explains how to be aware of some of the standard attacks available below.

Managing partners should blow this up and paste it on the walls of every office, every cubicle and next to every computer. Here are a few hints from my own experience repping lawyers who have taken the bait and had bad things happen.

No one from Singapore, the Netherlands, Michigan or anywhere else wants you to pursue a debt, write a purchase and sale agreement, or otherwise represent anyone in “your jurisdiction.” It just never happens. You’re not that famous, important, well thought of or possessed of a high enough profile that people from all over the country or the world are trying to get you to rep them.

No one is going to give you a piece of business where the defendant/counterparty immediately confesses the debt or sends the deposit and mails you a check for the full sum by return mail.

No client is ever going to let you take 20 percent of a recovery on a file you just opened simply for the huge work of depositing the check into your IOLTA account and wiring them the rest. It never happens.

None of your friends or colleagues are going to email you unexpected letters as attachments and ask you to get back to them. If they do (one actually did that to me the other day), you should open it only after calling and confirming that they were the sender. P.S., don’t email them back to confirm that it’s them; you will get a spoofing email saying “of course it’s me.” It’s not.

None of your friends just saw something cool in the paper and thought you’d be interested in the link.

If you use an outside vendor for paralegal work, you’d better make sure they are as paranoid about security as you are. I’ve seen more than one closing deposit or mortgage funding diverted because the outside para was hacked and spurious wiring instructions were sent to the sender seconds before they hit send.

Don’t think you can lay missing funds off on the bank that accepted your deposit of a bogus check. If you deposit it, it’s your responsibility. Ask your pals who do banking work. The banks never pay.

Make sure you have robust and comprehensive cyber risk insurance. That is unless you want to assume the risk of loss yourself. It may be costly, but we lawyers are targeted because we handle large sums of money and are famously porous when it comes to security.

If you are hacked, consider your obligations under both the Rules of Professional Conduct and any other regulatory regime that may apply. The ABA just issued an ethics opinion on that.

Read the opinion below. It’s enough to make you get cyber risk coverage.

I just saw where Missouri issued an ethics opinion saying that a scammer who establishes an attorney-client relationship with you is entitled to Rule 1.6 confidentiality anyway. I think that’s naïve. (Actually, I think it’s what comes out of the rear end of a horse, but I’m not allowed to say that here.)

I like the approach Colorado has taken that the rules don’t apply to “clients” who only try to establish a relationship to steal from you. They’re not clients. They’re crooks. Can you imagine on of these “Nigerian Princes” actually filing a grievance because you sent the counterfeit check to the Secret Service instead of depositing it and wiping out your IOLTA account and probably your liquid net worth? Really?

The old adage about us being a profession and not a business causes some of us to forget that the business aspect of lawyering can be as important, if not more, than the professional stuff. It’s a war, and we’re the weak country being invaded through every wire, wireless connection, computer, phone or other device we’re using. Happy October!

Former Connecticut Chief Disciplinary Counsel Mark Dubois is with Geraghty & Bonnano in New London.