ably available when needed.
As discussed in the ABA’s
Cybersecurity Handbook, these cybersecurity
goals can be met if a firm implements
the flexible best practices program set
1. Evaluate the firm’s current data and
risk profile. Determine where data
is stored (including mobile devices)
and the nature of the data. Determine
if regulatory, ethical, and contractual requirements apply to some data
classes, which require heightened security measures.
2. Determine whether your firm’s information technology support can provide cybersecurity advice and monitoring. If not, hire an outside expert.
3. Establish a cybersecurity and information governance committee.
4. Define and implement a standardized
risk-based security program. Perform
5. Establish requirements for data security in software installations, data out-sourcing, cloud storage, and vendor
6. Identify all mobile and portable devices that contain and transmit firm data.
Develop controls governing the use of
those devices, encryption of data, and
access protocols to the firm network.
7. Establish protocols for monitoring potential threats and audit regularly.
8. Develop an incident response plan
that addresses when to notify clients,
government authorities, or third parties impacted by data breaches.
9. Train employees on cybersecurity
The advent of technology has been a
boon to the practice of law, but not without risks. Attorneys are ethically bound
to understand the risks technology
poses to client confidences and to reasonably protect them. Reasonable protection means employing best practices
appropriate to the sensitivity of the data
involved, scale, and regulatory requirements, among other considerations.
Crafting appropriate best practices is
and will continue to be an ongoing challenge to the practice of law that will require closer work between information
security professionals and lawyers. NWL
approves-resolution-to-encourage-cyber-security-plans (emphasis added).
meeting_109.authcheckdam.pdf (at 6).
11. Rhodes and Polley, The ABA Cybersecurity Handbook, American Bar Association
(2013) at 27.
and incident re-
sponse expert, are
MK Hamilton and
ing and managed services firm,
focusing on critical infrastructure
cybersecurity. Contact them at
com and davidm@mkhamilton