Although many lawyers prefer to believe that their firm is unlikely to be the target of a hack, such thinking often proves to be naïve. Cyber criminals are continually adapting looking for easy targets and sources of potentially valuable data. Because law firms are essentially warehouses of client and employee data, they should acknowledge that they are not immune to such attacks.
Personally Identifiable Information
Law firms are often considered to be perfect targets by cyber criminals looking to hack into businesses that keep lots of data containing personally identifiable information (PII) but lack protective security. Some examples of PII include:
- Names, identifying numbers, symbols, or other identifiers assigned to particular individuals
- Information that describes anything about a person
- Information that indicates actions done by or to a person
- Information that indicates a person possesses certain characteristics
Most, if not all, law firms possess a great deal of PII. This information was historically kept in paper files, but is not stored electronically for the most part. The most commonly reported cyber breach reported by law firms is related to the loss or theft of a laptop, thumb drive, smart phone, tablet, or some other mobile device. If the information on the lost or stolen device was not encrypted and contained PII, a breach likely occurred. With access to office email and other law office networks, cyber criminals can gain access to and steal confidential information.
This is an ethical dilemma for attorneys for several reasons. Besides the common law duty owed by attorneys to protect the confidential information entrusted to them by clients, the ABA Rules of Professional Conduct requires an attorney to maintain the confidentiality of information related to the representation of current and former clients, and state and federal law also imposes a duty upon attorneys to protect PII for clients.
A couple of weeks ago, I went to leave for a doctor's appointment and noticed that the contents of my console were spread out on the passenger's seat and the back door wasn't fully closed. At first, I didn't think a thing of it. It's not uncommon for my husband to need to go into my car to look for something. When I sent him a text, I learned that it wasn't him.
Although it was disconcerting to know my car had been broken into, nothing had been stolen. Fortunately, I had the right coverage had items been taken, but that wasn't the case when I had my golf clubs stolen from a friend's car.
We had been golfing earlier in the day and when we stopped to grab a bite to eat, my friend's car was stolen - along with its contents. Although the car was later recovered, the contents were not. My clubs were gone forever.
He contacted his auto insurance carrier and we learned pretty quickly that my clubs were not covered. Even if this had been my car that this happened in, auto insurance does not cover your personal property in the car. That is the job of your homeowners or renters policy.
It's easy for renters to dismiss the need for coverage unless their complex demands proof of coverage, but this is just one instance where this coverage is very important. Let's say you were over a friend's house for the night and you brought your computer or you move in with your significant other, but aren't yet married. You guessed it. Should something happen to your personal property, you would need to have renters insurance (or homeowners if you own the home) to replace this property.
Do you have questions about auto, home or renters? Send us a message!