
On May 19, the U.S. Department of Justice announced indictments against five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from U.S. firms.  The Chinese response: If you leave doors open, don’t be surprised when we walk through them.

During the press conference, Attorney General Eric Holder cited several examples of the cybersecurity breaches, including security breaches by firms related to the targets here in the United States. In an analysis from the publication “The Hill”, Richard Bejtlich, a security strategist with the cybersecurity company FireEye and nonresident senior fellow at the Brookings Institution, was quoted as saying, “I think we’re going to see retaliation from the patriotic hackers in China.”

So what does this mean to you, as members of law firms or even other firms that provide services to large firms, particularly in the area of Intellectual Property?  You’re in the cross-hairs.  In 2010 the FBI visited the top 200 law firms in New York City to tell them that, while they would not reveal their methods, they easily obtained client information from those firms and were alerting them to their lax security.  In 2012, the American Bar Association modified Model Rule 1.1 to include a working knowledge of technology as part of the definition of “competency to practice law”.

There are no more excuses.

  • If you have a time tracking/billing program, that program contains client contact information and detailed descriptions of the work your firm provides. In more than one case, we found fields containing drivers’ license numbers, social security numbers and financial data. There is no excuse for not protecting that program with levels of security access, user names and unique passwords.
  • If you have a case management program, you will have all of the information listed above and more. Oftentimes, these programs have links to, or actually contain data from, documents and emails. Again, there is no excuse for not protecting such programs with levels of security access, user names and unique passwords.
  • If you have a document management program, the same care to protect that data is critical.
  • More and more cloud-based applications are now offering/requiring two-factor authentication — that is, needing to know a password plus another piece of knowledge to access data. It’s about time.

My partners and I are often surprised by the resistance to this. Some programs allow the option to “remember” passwords. Some allow a user to identify themselves but passwords are optional. And when we point out the inadequacy of such systems, the response is, “But it’s too hard to remember passwords!” If you can’t remember how to keep your client’s data secure, you shouldn’t be allowed near it.

There are no more excuses.

At the end of that press conference, the representative for the FBI flatly stated that tracking loss of valuable industrial, technology and financial data — and filing criminal charges — is “the new normal”. It was a warning to international governments. It is also a warning to firms that supply legal and other support services. There are no more excuses.

At Eastern Legal Systems, as part of our implementation services, we work to implement levels of security and advise our clients on reasonable efforts to keep your clients’ data secure, per the requirements put forth by the American Bar Association. If you need guidance in this area, please call us at 1-877-ELS-0555.