Confidential data in computers and information systems, including those used by attorneys and law firms, faces greater security threats today than ever before. They take a variety of forms, ranging from email phishing scams and social engineering attacks to sophisticated technical exploits resulting in long-term intrusions into law firm networks. They also include lost or stolen laptops, tablets, smartphones and USB drives, as well as inside threats—malicious, untrained, inattentive, and even bored personnel. These threats are a particular concern to attorneys because of their ethical duties of competence and confidentiality.

Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.

Duty to Safeguard