The American Bar Association has published the ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals to provide practical cyber threat information, guidance, and strategies to lawyers and law firms of all sizes.
North Dakota Supreme Court Justice Dan Crothers was a contributing author of the handbook. The book was a product of the ABA Cybersecurity Legal Task Force, which also provides online cybersecurity resources.
The guide considers the interrelationship between lawyer and client, establishing what legal responsibilities and professional obligations are owed to the client in the event of a cyber attack. The book provides strategies to help law firms defend against the cyber threat, and also offers information on how to best to respond if breached.
In the fall of 2011, the head of the cyber division in the New York office of the FBI convened a meeting with the top 200 law firms in the city to deal with the rising number of cybersecurity attacks. Hackers, the law firms were told, see attorneys as “soft targets,” offering a back door to the valuable data of corporate clients.
Bloomberg News, in reporting on the FBI meeting, said there were an estimated 80 cyberattacks against law firms in 2011, mostly from Chinese-based hackers. By all accounts, the threat is only growing. Bloomberg provided details of a specific Chinese cyber attack on a Canadian law firm intended to disrupt a large commerical transaction.
The most recent Verizon Data Breach Investigations Report notes that security losses due to insiders or loosely organized groups are now dwarfed in size by the actions of organized groups using highly sophisticated and effective tools. Experts say that lawyers too often have limited resources to dedicate to computer security, and they might not have an appreciation of the cybersecurity risks presented by technology.
The editors of The ABA Cybersecurity Handbook are Jill D. Rhodes, vice president and chief information security officer for Trustmark Cos. in Lake Forest, Ill., and Vincent I. Polley, president of KnowConnect PLLC, which provides consulting services on information policy and knowledge management processes.
August 7, 2013