Teaching Lawyers About Cybersecurity
Let's face it; when it comes to professionals with technological savvy, lawyers are way, way down the list. I know lawyers who are still using Windows 98, if that gives you an idea (hey, it was a pretty good program).
So it was with great trepidation that I attended last week's Tech Summit in New York City sponsored by the New York State Bar Association (www.nysba.org). Lawyers have always been required to stay on top of changes in the law so as to maintain a certain level of competence. But recent changes to lawyer ethical rules require lawyers to stay on top of technology changes as well so they can keep their clients' confidential information safe from hackers (for details, see http://nationaljurist.com/smartlawyer/what-lawyers-duty-technology-competence).
What would I be required to do, and -- more importantly -- how far was my practice below the new standards?
The good news is that I wasn't in as bad of shape as I feared (it helps that I represent some tech companies), and I learned a ton of stuff that all small-business owners can benefit from.
According to Paul Unger of Affinity Consulting Group (www.affinityconsulting.com), who co-chaired the conference, there are five things attorneys and other small businesses need to do to ensure their clients' files and communications are secure:
-- Encrypt their emails using a two-step authentication (you know, first you put in your password, and then you type in a bunch of random letters to let the computer know you are not a robot).
-- Protect your cloud database (such as Google Docs and Microsoft OneDrive) with encryption, and store at least some of your clients' stuff on physical media in case of a ransomware attack (where, for example, someone locks up your computer and demands $25,000 in bitcoin to unlock it again). Consider using an online backup service, such as Iron Mountain (www.ironmountain.com/ipm) or iBackup.com.
-- Accept credit cards from clients using a PCI-compliant service, such as LawPay (lawpay.com) or ShieldPay (www.shieldpay.com). These are much more secure than paper checks.
-- Use a virtual private network (VPN) service, such as NordVPM (nordvpn.com) or Surfshark (surfshark.com), when using a public computer or some other remote computer like the ones available for rent at a hotel business center.
-- Use a secure digital signature service, such as DigiSign (www.digisign.com), when finalizing legal documents. PDFs are not as secure and reliable as they used to be.