MOLLY NECK | Practice Management
Phishing Around: Data Your Problem
Think you can’t be duped by the Nigerian Prince or your best friend that needs $5,000.00 to return home from the Bahamas? You’re probably right. But think your law  rm is immune from hav- ing funds in a trust account stolen by phishing experts using undetectable malware?  ink again!
Cyber-attacks and data breaches are no longer the stories of James Bond or limited to large corporations. Although malware and cybersecurity raise concerns across all industries, the structure and mindset of law  rms o en make them the perfect target for hackers and phishing schemes. Struc- turally, law  rms are a treasure trove of clients’ health records, social secu- rity numbers, and bank information.  e  rms are a plethora of intellectual data including trade secrets, intellec- tual property, and deals not yet known to the public. Yet, whether it be from ignorance or arrogance, many  rms have historically failed to acknowl- edge their vulnerability to these cy- ber thieves or act responsibly a er a breach or client’s valuable data is sto- len.  ese attacks are not going away. Law  rms will continue to be targets.  e di erence is how law  rms react to protect their data, their clients, and
their reputations.
WHAT
CONSTITUTES A
DATA BREACH?
Not every cyber- attack creates a data breach. A cyber- attack is purely the attempt by hackers
to gain illegal access to a network. According to the American Bar As- sociation, a data breach is a data event where (1) signi cant con dential cli- ent information is misappropriated, destroyed or otherwise compromised, or (2) an attorney’s ability to execute the legal services for which they are hired is impaired.
Every lawyer knows our profession- al and ethical obligations to safeguard their clients’ information extends to written, spoken, and electronically formatted information. But identify- ing the speci c information to pro- tect can be a daunting task. Certain types of data are obvious: sensitive information from clients, con den- tial  nancial information, trade se- crets, intellectual property, medical information, and personal informa- tion. Other information will vary de- pending on the  eld of practice. For example, family law attorneys may have information about children and SAPCR documents, real estate law- yers possess con dential information in loan documents or information regarding prospective business deals, and tax attorneys regularly  le reports with  nancial information; but attor- neys with corporate practices may have sensitive information of third parties that carries  duciary duties to not only the client but also the third parties as well.
ANALYZE YOUR IT SYSTEM
Hire an IT analyst or utilize one of the free websites which provide free risk assessments. Question how data  ows through the system, each point of entry and exit for information, and
who needs access to the information. Know the vulnerability of your IT system and provide yourself an op- portunity to address the issues before a potential catastrophe.
Start with an understanding of the hardware—the computers, printers, servers—making note of the model numbers, serial numbers, and which devices are connected to the internet. Inventory all so ware, programs, and security systems (including  rewalls, malware, ransomware, and antivirus so ware), last updates, reliability of backups, and how long it will take to recover data in the case of a data breach. Does your  rm have an in- tranet within the company, how does the system operate, and is it protect- ed?
Protecting your clients’ informa- tion does not require developing a level of expertise on these issues, but you should have a working knowl- edge of the systems.
WHO’S STEALING MY STUFF?
Historically, across all industries, data breaches generally came from employee negligence and lost/stolen devices. Today, the number one cause of data breaches are criminal attacks by hackers.
Hackers are no longer a few indi- viduals sitting in a basement staying up all night.  ey are massive busi- nesses enterprises with huge growth potential. Hackers utilize automated systems that continuously scan net- works looking for weaknesses, no matter how small. If your  rm is on the internet, it is a target. Hackers target a weakness and follow the trail
Molly joined the Rosenblatt Law Firm in 2014. She is a senior associate for the transactional section of the  rm. For more information, visit rosenblattlaw rm.com or call Rosenblatt Law Firm at (210) 562-2900.
ATTORNEY AT LAW MAGAZINE · SAN ANTONIO · VOL. 1 NO. 3 10
Breaches Actually Are