My Car Was Broken Into - Who Covers My Property?
#FinancialWellnessWednesday for 10/19/16

Cyber Breach Prevention Ethical Duty for Law Firms

10/18/2016

Shutterstock_254824216Hackers are executing sophisticated data breaches on large and small companies all over the world, making the need to protect your law firm from the dangers of cyber breach more important than ever.

Although many lawyers prefer to believe that their firm is unlikely to be the target of a hack, such thinking often proves to be naïve. Cyber criminals are continually adapting looking for easy targets and sources of potentially valuable data. Because law firms are essentially warehouses of client and employee data, they should acknowledge that they are not immune to such attacks.

Personally Identifiable Information

Law firms are often considered to be perfect targets by cyber criminals looking to hack into businesses that keep lots of data containing personally identifiable information (PII) but lack protective security. Some examples of PII include:

  • Names, identifying numbers, symbols, or other identifiers assigned to particular individuals
  • Information that describes anything about a person
  • Information that indicates actions done by or to a person
  • Information that indicates a person possesses certain characteristics

Most, if not all, law firms possess a great deal of PII. This information was historically kept in paper files, but is not stored electronically for the most part. The most commonly reported cyber breach reported by law firms is related to the loss or theft of a laptop, thumb drive, smart phone, tablet, or some other mobile device. If the information on the lost or stolen device was not encrypted and contained PII, a breach likely occurred. With access to office email and other law office networks, cyber criminals can gain access to and steal confidential information.

This is an ethical dilemma for attorneys for several reasons. Besides the common law duty owed by attorneys to protect the confidential information entrusted to them by clients, the ABA Rules of Professional Conduct requires an attorney to maintain the confidentiality of information related to the representation of current and former clients, and state and federal law also imposes a duty upon attorneys to protect PII for clients.

To learn more about data breach and cyber liability coverage, Jeremy Del Priore at USI Affinity today.

Posted at 12:08 PM in Cyber Liability, Professional Liability Insurance, Risk Management, Small Business Insurance | | Comments (0)

Comments

The comments to this entry are closed.