Late last year the ABA Journal published a brief news article about an Oklahoma attorney who was forced to pay $700 in ransom to criminals who were holding his computer files hostage. Hardly more than 100 words long, the matter-of-fact article underscores an alarming trend: stories like this one have become commonplace. Cyber-extortion, it seems, is now one of the perils of doing business.
Distressing though it may sound on a practical and financial level, this new wave of cyber threats also has ethical implications for those of us in the legal profession. Lawyers are increasingly relying on their devices to store and transmit vast amounts of confidential information regarding their clients and firms. Accordingly, attorneys need to be aware of security issues associated with technology and take measures to limit their risk of exposure in order to avoid a misfortune like the one mentioned above. Preparedness starts with a full understanding of the contemporary technology they are using and the risks that careless use carries. Indeed, as certain technology becomes commonplace in the legal world, the Rules of Professional Conduct and the case law interpreting those rules start assuming that all lawyers are competent in using that technology.
Today, the standard tool hackers use to extort payment from their targets is called “ransomware.” Usually disguised as a benign download, ransomware is a type of malware that locks users out of their files, and then coaxes or intimidates those users into paying a fee to regain access to their documents. Ransomware operators employ a variety of tactics, such as encryption and impersonation of law enforcement. It is a notoriously difficult menace to fight, as culprits are often untraceable or shielded behind international IP addresses. In fact, aside from urging precautionary measures, the FBI’s official guidance on the matter amounts to little more than “just to pay the ransom.”
Ransomware is only one example among a mounting array of digital security risks facing organizations and individuals with sensitive data to protect. A flood of cyberattacks and information breaches follows each new advance in technology, and hackers grow more sophisticated every day, demonstrating an extraordinary capacity for innovation. Consider, for example, how researchers at Georgia Tech were able to exploit a vulnerability in the iPhone by using a third-party charging cable.
Meanwhile, large-scale companies and institutions—from Anthem to Slack to Harvard University—have made news as the recent victims of security breaches that have exposed hundreds of thousands of stakeholders’ financial information. More recently, cybersecurity experts have expressed concern over “headless worms”: malicious code that could infect machines such as smartwatches, fitness trackers, and medical equipment. Malware that attacks telecommunications-enabled devices in the realm of the “Internet of Things” could spell large-scale catastrophe. Imagine losing control of a car, cellular network, or urban power grid.
Suffice it to say cyberattacks are increasingly complex, and frequently trigger legal issues beyond the victim’s immediate necessity to re-secure its network and limit its exposure. For example, after Hollywood Presbyterian Medical Center paid $17,000 to recover its computer systems from a hacker, the hospital also had to abide by its federal requirement to report the breach.
In making sense of these threats, a legal practitioner’s responsibility is twofold: along with their obligation to defend clients’ interests by continually staying up to date with developing technology in the field, lawyers also have a duty to safeguard their clients’ private data and property against unintentional disclosure or harm. Unfortunately, attorneys and law firms are likely to encounter far more questions than answers in their endeavors to remain secure. Breaches can and do happen to anyone, at any time. While it is not possible to anticipate every cyberattack, lawyers can take reasonable measures to educate themselves and their support staff on overarching security trends and the general ways in which hackers gain access to information. Lawyers and members of firm administration need to maintain at least a basic understanding of technologies and terms—such as cloud storage, mobile payments, and various social media platforms—in order to stay competent. Additionally, law firms should regularly review and revise their security protocols and safety procedures in accordance with the latest cybersecurity happenings as well as state and federal standards.
Cybersecurity readiness not only keeps your clients safe; it is a matter of preserving their trust.
If you have questions or comments about this article or any issue related to legal ethics or e-competence, please feel free to contact me.
ABOUT JAMES GAITHER
James is an associate with Offit Kurman’s Landlord Tenant group focusing primarily on Maryland properties. Prior to joining Offit Kurman, James was an Assistant Bar Counsel with the Attorney Grievance Commission. In that capacity, James prosecuted cases against Maryland attorneys and other individuals not licensed to practice law in Maryland. As a result, he has significant trial experience in Circuit Courts throughout Maryland and has argued numerous cases before the Maryland Court of Appeals.
ABOUT OFFIT KURMAN
Offit Kurman is one of the fastest-growing, full-service law firms in the Mid-Atlantic region. With over 120 attorneys offering a comprehensive range of services in virtually every legal category, the firm is well positioned to meet the needs of dynamic businesses and the people who own and operate them. Our eight offices serve individual and corporate clients in the Maryland, Delaware, New Jersey, and Northern Virginia markets, as well as the Washington DC, Baltimore, Philadelphia, and New York City metropolitan areas. At Offit Kurman, we are our clients’ most trusted legal advisors, professionals who help maximize and protect business value and personal wealth. In every interaction, we consistently maintain our clients’ confidence by remaining focused on furthering their objectives and achieving their goals in an efficient manner. Trust, knowledge, confidence—in a partner, that’s perfect.