Washington Lawyer - November/December 2024 - 23

FEATURE
We also know that cyber mercenaries always conceal their traces to
hinder digital investigations. They steal data in stealth mode, clean up
the crime scene, and silently vanish to get paid in cryptocurrency by
a clandestine client. By now it is clear that even the largest law firms
may fail to detect well-thought-out cyber intrusions, leaving them baffled
about how an unscrupulous opponent is able to predict and neutralize
every single move they make in pretrial discovery or settlement
bargaining.
In the end, cyber intrusions predominantly remain undetected, uninvestigated,
and unreported to authorities or undisclosed to collateral
victims.
COSTLY FALLOUT
The direct financial losses of a data breach can be substantial. In April
2024, Orrick, Herrington & Sutcliffe LLP agreed to pay $8 million to settle
a class action brought by individuals whose name, address, date of
birth, and Social Security number were accessed in a data breach. That
amount, however, is a mere fraction of the overall financial losses firms
incur, from investigative and legal expenses to long-lasting loss of business
to incalculable damage to reputation.
Beyond private lawsuits, hacked law firms may face troubles for violating
state data protection and privacy laws. To illustrate, in 2023 New York
Attorney General Letitia James fined Heidell, Pittoni, Murphy & Bach,
LLP $200,000 for a data breach in 2021. In a public statement, James emphasized
that poor data security practices and resulting data breaches
would not be tolerated by her office.
Then there is the broad spectrum of disciplinary sanctions lawyers may
face as well as lawsuits for legal malpractice. While states have varying
rules of professional conduct and idiosyncratic enforcement history, it is
certainly worth reading these ABA formal opinions on cybersecurity
matters: Opinion 483 (Lawyers' Obligations After an Electronic Data
Breach or Cyberattack), Opinion 477R (Securing
Communication of Protected Client Information),
and Opinion 498 (Virtual Practice).
Today, cybersecurity has become a strategic
competitive advantage on the legal services
market worldwide. Clients frequently shun
breached law firms and avoid attorneys who
cannot convincingly demonstrate a solid care
about clients' privacy and data protection.
Many large corporations and governmental
agencies now use specialized cybersecurity
vendors for risk scoring of law firms and all
other high-risk suppliers, scanning their internet
resources in a nonintrusive manner to determine
whether basic security controls are
duly implemented.
In case of a failure, the chances of getting
a lucrative contract plummet. Worse, few
would-be clients will disclose the true reasons
for signing a deal with a less-experienced
but better-secured competitor, leaving
law firm partners in the dark.
EFFECTIVE DEFENSE
Contrary to widespread misconception, cybersecurity is not rocket science
and does not require millions of dollars to prevent most cyberattacks,
or at least to significantly minimize their scale and impact. As we
approach the end of the year, here are 10 simple, cost-effective, and efficient
steps that law firms of virtually any size should consider to enhance
cybersecurity and start on a strong footing in 2025.
1. Define and document your cybersecurity efforts. Common wisdom
says that it is impossible to succeed without a plan, at least a concise
one, and cybersecurity is no exception. Decide what are the most
foreseeable risks and threats to your law firm, what is your risk tolerance,
who will be responsible for implementation of your cybersecurity
program, and what are the key performance indicators to
measure its success
Additionally, having a well-documented information security program
is not only a statutory requirement under mushrooming data
protection and privacy laws, but it is also a solid argument in case of
a regulatory probe or when defending a data breach claim based on
negligence or violation of statutory duty.
2. Conduct a holistic inventory of your digital assets. Simple logic applies
to cybersecurity: You cannot protect what you cannot see or
what you don't know. Digital assets include not only desktop computers,
laptops, internet-connected printers, office-based servers,
and network devices, but also cell phones used by paralegals and
attorneys, cloud-based systems and backups, and any third-party
managed systems like your outsourced website and billing and
client-management platforms. While in many cases you may delegate
the duty to safeguard your assets, you should still have them
in your inventory.
3. Ensure that all your software is up to date. This encompasses firmware
(a type of software embedded in a device's hardware to help it
TODAY,
cybersecurity has
become a strategic
competitive advantage
on the legal services
market worldwide.
NOVEMBER/DECEMBER 2024 * WASHINGTON LAWYER 23

Washington Lawyer - November/December 2024

Table of Contents for the Digital Edition of Washington Lawyer - November/December 2024

Washington Lawyer - November/December 2024
Digital Extras
From Our President
Calendar
Practice Management
Toward Well-Being
Court Simplified feature
Erin Larkin feature
Navigating the Court feature
Demystifying the Corporate Transparency Act feature
Erin Larkin feature
Data Breach Readiness feature
Member Spotlight - Murray Scheel
On Further Review
Newly Minted
Worth Reading
Attorney Briefs
Speaking of Ethics
Disciplinary Summaries
Pro Bono Effect
A Slice of Wry
Washington Lawyer - November/December 2024 - Washington Lawyer - November/December 2024
Washington Lawyer - November/December 2024 - Cover2
Washington Lawyer - November/December 2024 - 1
Washington Lawyer - November/December 2024 - 2
Washington Lawyer - November/December 2024 - 3
Washington Lawyer - November/December 2024 - Digital Extras
Washington Lawyer - November/December 2024 - 5
Washington Lawyer - November/December 2024 - From Our President
Washington Lawyer - November/December 2024 - Calendar
Washington Lawyer - November/December 2024 - Practice Management
Washington Lawyer - November/December 2024 - Toward Well-Being
Washington Lawyer - November/December 2024 - Court Simplified feature
Washington Lawyer - November/December 2024 - 11
Washington Lawyer - November/December 2024 - 12
Washington Lawyer - November/December 2024 - 13
Washington Lawyer - November/December 2024 - Erin Larkin feature
Washington Lawyer - November/December 2024 - 15
Washington Lawyer - November/December 2024 - Navigating the Court feature
Washington Lawyer - November/December 2024 - 17
Washington Lawyer - November/December 2024 - Demystifying the Corporate Transparency Act feature
Washington Lawyer - November/December 2024 - 19
Washington Lawyer - November/December 2024 - Erin Larkin feature
Washington Lawyer - November/December 2024 - 21
Washington Lawyer - November/December 2024 - Data Breach Readiness feature
Washington Lawyer - November/December 2024 - 23
Washington Lawyer - November/December 2024 - 24
Washington Lawyer - November/December 2024 - 25
Washington Lawyer - November/December 2024 - Member Spotlight - Murray Scheel
Washington Lawyer - November/December 2024 - 27
Washington Lawyer - November/December 2024 - On Further Review
Washington Lawyer - November/December 2024 - 29
Washington Lawyer - November/December 2024 - Newly Minted
Washington Lawyer - November/December 2024 - 31
Washington Lawyer - November/December 2024 - Worth Reading
Washington Lawyer - November/December 2024 - 33
Washington Lawyer - November/December 2024 - Attorney Briefs
Washington Lawyer - November/December 2024 - 35
Washington Lawyer - November/December 2024 - Speaking of Ethics
Washington Lawyer - November/December 2024 - 37
Washington Lawyer - November/December 2024 - Disciplinary Summaries
Washington Lawyer - November/December 2024 - 39
Washington Lawyer - November/December 2024 - 40
Washington Lawyer - November/December 2024 - 41
Washington Lawyer - November/December 2024 - Pro Bono Effect
Washington Lawyer - November/December 2024 - 43
Washington Lawyer - November/December 2024 - 44
Washington Lawyer - November/December 2024 - 45
Washington Lawyer - November/December 2024 - 46
Washington Lawyer - November/December 2024 - 47
Washington Lawyer - November/December 2024 - A Slice of Wry
Washington Lawyer - November/December 2024 - Cover3
Washington Lawyer - November/December 2024 - Cover4
https://washingtonlawyer.dcbar.org/novemberdecember2024
https://washingtonlawyer.dcbar.org/septemberoctober2024
https://washingtonlawyer.dcbar.org/julyaugust2024
https://washingtonlawyer.dcbar.org/mayjune2024
https://washingtonlawyer.dcbar.org/marchapril2024
https://washingtonlawyer.dcbar.org/januaryfebruary2024
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/novemberdecember2022
https://washingtonlawyer.dcbar.org/januaryfebruary2022
https://washingtonlawyer.dcbar.org/januaryfebruary2022
https://washingtonlawyer.dcbar.org/januaryfebruary2022
https://washingtonlawyer.dcbar.org/januaryfebruary2022
https://washingtonlawyer.dcbar.org/januaryfebruary2022
https://washingtonlawyer.dcbar.org/novemberdecember2021
https://washingtonlawyer.dcbar.org/julyaugust2021
https://washingtonlawyer.dcbar.org/julyaugust2021
https://washingtonlawyer.dcbar.org/marchapril2021
https://washingtonlawyer.dcbar.org/marchapril2021
http://washingtonlawyer.dcbar.org/novemberdecember2020
https://washingtonlawyer.dcbar.org/novemberdecember2020
https://washingtonlawyer.dcbar.org/septemberoctober2020
https://washingtonlawyer.dcbar.org/julyaugust2020
https://washingtonlawyer.dcbar.org/june2020
https://washingtonlawyer.dcbar.org/may2020
https://washingtonlawyer.dcbar.org/march2020
https://washingtonlawyer.dcbar.org/january2020
https://washingtonlawyer.dcbar.org/november2019
https://washingtonlawyer.dcbar.org/october2019
https://washingtonlawyer.dcbar.org/september2019
https://washingtonlawyer.dcbar.org/julyaugust2019
https://washingtonlawyer.dcbar.org/june2019
https://washingtonlawyer.dcbar.org/may2019
https://washingtonlawyer.dcbar.org/april2019
https://washingtonlawyer.dcbar.org/march2019
https://washingtonlawyer.dcbar.org/january2019
https://washingtonlawyer.dcbar.org/november2018
https://washingtonlawyer.dcbar.org/november2018
https://washingtonlawyer.dcbar.org/november2018
https://washingtonlawyer.dcbar.org/august2018
https://washingtonlawyer.dcbar.org/august2018
https://washingtonlawyer.dcbar.org/June/July2018
https://washingtonlawyer.dcbar.org/april2018
https://washingtonlawyer.dcbar.org/March2018
https://washingtonlawyer.dcbar.org/February2018
https://washingtonlawyer.dcbar.org/january2018
http://washingtonlawyer.dcbar.org/december2017
http://washingtonlawyer.dcbar.org/November2017
http://washingtonlawyer.dcbar.org/september 2017
http://washingtonlawyer.dcbar.org/september 2017
http://washingtonlawyer.dcbar.org/august2017
http://washingtonlawyer.dcbar.org/july2017
http://washingtonlawyer.dcbar.org/June2017
http://washingtonlawyer.dcbar.org/may2017
http://washingtonlawyer.dcbar.org/april2017
http://washingtonlawyer.dcbar.org/march2017
http://washingtonlawyer.dcbar.org/february2017
http://washingtonlawyer.dcbar.org/january2017
http://washingtonlawyer.dcbar.org/december2016
http://washingtonlawyer.dcbar.org/november2016/
http://washingtonlawyer.dcbar.org/october2016
http://washingtonlawyer.dcbar.org/september2016
https://www.nxtbookmedia.com