The sensitive data held by law firms makes them ideal targets for cybercriminals. Data breaches are not always the result of sophisticated plots carried out by genius criminals hacking firewalls and servers as shown on TV. They are often the result of low-tech cybercriminals sending out phishing emails containing store-bought exploits or well-worded messages convincing recipients to do something they should not.
Because of lawyers’ ethical and legal duties to safeguard client data, understanding cybersecurity risks and how to handle them is imperative. ABA Formal Opinion 483, “Lawyers’ Obligations After an Electronic Data Breach or Cyberattack,” requires lawyers to protect confidential data and respond appropriately in the event of a data breach. Duties outlined in the opinion include the obligation to monitor for a breach, the duty to stop a breach and restore systems, and the duty to assess what happened.