Consider this scenario: A young couple entrusts you, an experienced real estate attorney, to assist them in the purchase of their first home. Days before closing, your unsecured email account gets hacked and your client receives an email, which to all appearances is from you, telling them to wire funds to a third-party account instead of bringing the cash to closing. You only find out about “your” email to your client after the transfer has been made and your clients’ savings, accumulated over many years, is gone. What exactly do you think you can say to your clients to make it better?
This is not a fantasy – it happens far too often, as noted in a recent ABA Journal article. We, in fact, were involved on behalf of the depository bank in this exact situation in Illinois, where clients followed what they thought were the instructions of their attorney.
As a professional, you are required to keep abreast of changes in technology and to safeguard your client’s confidential information under ABA Model Rules 1.1 and 1.6. This standard of care must be taken seriously and the idea that “it won’t happen to me” is an insufficient defense. There are two immediate steps you can and should take to help prevent a foreseeable loss.
First, pick a “secure” password. You are putting yourself and your clients at risk if any of your passwords are like those on a GeekWire list. Second, if you have not enabled the security features on your mobile phone – even after all the media coverage of the federal government’s attempt to compel Apple to tell it how to unlock data on an iPhone – do so immediately.
The need to understand technology and enable a strong password to protect accounts is not limited to professionals. Consider the recent case of Laremy Tunsil , an NFL prospect who arguably lost more than $13 million because someone hacked his Twitter and Instagram accounts at the worst possible time, resulting in his precipitous drop in the NFL draft.
In our case, the attorney was able to avoid liability by spending a considerable amount of time chasing down his clients’ funds, which were traced to the hacker’s account and recovered. However, this only occurred after the attorney put his insurer on notice of a potential claim and six months of litigation.
Have you spent the time to think about whether you and your clients are up to date on the latest technology and know how to keep that technology secure? Have you spent the time and effort to fully safeguard your client’s confidential information on your computers? If you engage in social media, have you considered the implications of the strength or weakness of your password? The importance of thinking this issue through now – before a problem occurs – cannot be over-emphasized. Your electronic communications must be kept secure. If necessary, hire a consultant or adviser. The cost of preventing a data breach is money well spent.