What would you do if a burglar broke into your office, stole every single client folder, and dumped them indiscriminately out the top floor window onto the city streets below?
That’s a nightmare scenario with which law firms all over the world are having to come to grips, only the folders are voluminous electronic records and the street is the Internet. These are the days of Target, of Sony, of Home Depot, of Ashley Madison and -- most recently and most startlingly for firms and their corporate clients -- for Cravath, Swaine & Moore and Weil Gotshal & Manges.
Cybercrime poses among the most daunting challenges for law firms today. It presents an existential threat, where any firm -- no matter the depth of its reputation or the breadth of its clientele -- can literally come face to face with its own extinction overnight. What would happen, for example, if a firm handling sensitive source code for a Silicon Valley titan in a global IP battle exposed that information to breach?
The answer is swift client backlash, a wave of negative publicity and lawsuits for attorney malpractice.
It is not just for the well-being of the law firm, its lawyers and its employees that attorneys should implement security-first practices. It is fact an ethical duty to ensure sound cybersecurity. The ABA Model Rules state that, barring certain circumstances:
“A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent (or) the disclosure is impliedly authorized in order to carry out the representation….”
Other rules are more forceful. The California Business Code, for examples, states that attorneys have a duty “to maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client."
As the volume and complexity of client data proliferates, and the barriers to access that information through nefarious means lower, upholding that duty only becomes harder. In this Logikcull whitepaper, we recommend best practices to safeguard seven critical areas of vulnerability.