On May 19, the U.S. Department of Justice announced indictments against five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from U.S. firms. The Chinese response: If you leave doors open, don’t be surprised when we walk through them.
During the press conference, Attorney General Eric Holder cited several examples of the cybersecurity breaches, including security breaches by firms related to the targets here in the United States. In an analysis from the publication “The Hill”, Richard Bejtlich, a security strategist with the cybersecurity company FireEye and nonresident senior fellow at the Brookings Institution, was quoted as saying, “I think we’re going to see retaliation from the patriotic hackers in China.”
So what does this mean to you, as members of law firms or even other firms that provide services to large firms, particularly in the area of Intellectual Property? You’re in the cross-hairs. In 2010 the FBI visited the top 200 law firms in New York City to tell them that, while they would not reveal their methods, they easily obtained client information from those firms and were alerting them to their lax security. In 2012, the American Bar Association modified Model Rule 1.1 to include a working knowledge of technology as part of the definition of “competency to practice law”.
There are no more excuses.
- If you have a time tracking/billing program, that program contains client contact information and detailed descriptions of the work your firm provides. In more than one case, we found fields containing drivers’ license numbers, social security numbers and financial data. There is no excuse for not protecting that program with levels of security access, user names and unique passwords.
- If you have a case management program, you will have all of the information listed above and more. Oftentimes, these programs have links to, or actually contain, data from documents and emails. Again, there is no excuse for not protecting such programs with levels of security access, user names and unique passwords.
- If you have a document management program, the same care to protect that data is critical.
- More and more cloud-based applications are now offering/requiring two-factor authentication — that is, needing to know a password plus another piece of knowledge to access data. It’s about time.
My partners and I are often surprised by the resistance to this. Some programs allow the option to “remember” passwords. Some allow a user to identify themselves but passwords are optional. And when we point out the inadequacy of such systems, the response is, “But it’s too hard to remember passwords!” If you can’t remember how to keep your client’s data secure, you shouldn’t be allowed near it.
There are no more excuses.
At the end of that press conference, the representative for the FBI flatly stated that tracking loss of valuable industrial, technology and financial data — and filing criminal charges — is “the new normal”. It was a warning to international governments. It is also a warning to firms that supply legal and other support services.
There are no more excuses.
At Eastern Legal Systems, as part of our implementation services, we work to implement levels of security and advise our clients on reasonable efforts to keep your clients’ data secure, per the requirements put forth by the American Bar Association. If you need guidance in this area, please call us at 1-877-ELS-0555.
Dana Riel is President and Founder of Business Solutions, Inc., serving the Washington, D.C. metropolitan area since 1985. Her firm is the authorized training center for the region for Time Matters and PCLaw by PCLaw|Time Matters, PLLC; Timeslips and Sage 50 Accounting by Sage Software; and QuickBooks by Intuit Corporation. She also serves as a consultant for Caret Legal (formerly known as Zola Suite), CosmoLex, Soluno & TimeSolv. As a trainer, Dana has provided training services to organizations such as the DOD Defense Logistics Agency, Judge Advocate General’s Office (JAG)/Department of the Navy, University of the District of Columbia School of Law, U.S. Department of Commerce and the U.S. Department of Veterans Affairs, as well as with small‐ to mid‐size law firms in the Baltimore‐Washington D.C. area. In 2009, she participated in the series of day‐long seminars sponsored by the District of Columbia Bar Association Practice Management Section, titled “Basic Training: Learn About Running a Law Office”. Ms. Riel also served as an Adjunct Professor in Georgetown University’s Paralegal Studies Program, having taught the course, “Legal Ethics/Legal Technology” in 2009; and “Legal Technology” for the Spring and Summer Semesters of 2010. She presently serves on the Advisory Board for PCLaw|Time Matters, PLLC.