Raising the Bar, The Voice of the Defense Research Institute newsletter, featured an article authored by Alan Winchester and Jacqueline Cavallaro entitled “ Cloudy With A Chance of Data Breach: What Lawyers Must Know When Using the Cloud”
Law firms possess a tremendous amount of data on behalf of their clients. While the ability to access data remotely provides many benefits, it also poses the risk of a data breach. In 2016, the American Bar Association reported that over twenty-five percent of firms with more than 500 lawyers experienced a data breach. The ubiquity of breaches, the large amount of private information safeguarded by law firms, and the rules and opinions of state bars require that lawyers review their ethical and professional obligations while embracing new technology.
Currently, twenty states have issued ethics opinions on the use of cloud computing. While there is some variation among opinions, cloud computing is universally accepted, and even encouraged, so long as a lawyer takes reasonable care to ensure that data remains confidential and that reasonable safeguards are in place to protect data from breaches, loss, and other risks. “ Reasonable care” is a flexible standard, likely chosen so that it can adapt with the ever evolving nature of technology, but it provides little concrete guidance.
Firms often do not pay sufficient heed to the risk their human capital poses to cybersecurity and are at risk from users clicking on malicious links or email attachments.
In light of these issues, many firms are now addressing cybersecurity, both for cloud stored data and for data hosted internally in a more standardized manner. By employing simple techniques, lawyers can better service their clients and fulfill their ethical and professional duties while taking advantage of cloud computing. In addition to using complex passwords, many firms are also using two factor authentication. To authenticate to a computer people can use three elements: something they know ( as password), something they have ( cell phone), or something they are( fingerprint or face scan). Two factor authentication requires that you have two of these elements before authentication to a server and accessing data. Many cloud providers now offer two factor authentication and any decision to not use it should be examined closely. Following are a few of the additional suggestions covered in this article: encrypt your emails, be vigilant of scams and secure your device.
This article was originally published in the June 30, 2016 edition of Raising the Bar, a publication of the Defense Research Institute. Read the full article: "Cloudy With A Chance of Data Breach: What Lawyers Must Know When Using the Cloud"