Make Cybersecurity a Priority
In her Best Practices for Solo Practices column, Janet Falk offers up some seasoned tips and advice from solo attorneys on how they exercise best practices in cybersecurity.
October 28, 2019 at 12:30 PM
7 minute read
Janet FalkOctober is National Cybersecurity Awareness Month, making it timely to consider how solo attorneys exercise best practices in cybersecurity.
Forty-three percent of online security incidents target small businesses according to the Verizon Data Breach Investigation Report (2019). Such attacks may lead to financial loss, theft of customer data or proprietary information being compromised.
As a solo attorney, who may advise clients in the small business category, the threat of a cybersecurity attack or breach is an important concern not only for your own practice but for your clients as well. According to computer security expert Bruce Schneier, "You can't defend. You can't prevent. The only thing you can do is detect and respond."
Attorney Abraham Perlstein of The Law Office of Abraham J. Perlstein, who practices in the cybersecurity area, agrees with Schneier. "As an attorney, you should take pre-emptive steps and take actions to set yourself up to defend and protect yourself, and your clients, to the extent possible and to be able to show that you have done so."
Passwords
To begin your cybersecurity audit, consider your use of passwords to open your computer, access cloud-based storage and utilize legal research databases, among other websites. Barry Heyman, with a practice in entertainment, music, new media and IP at Heyman Law, says "I use unique, strong passwords, change them periodically, and I use two-factor authentication." According to Heyman, "Two-factor authentication is one of the most important security measures, because it is much less likely that you will be hacked and you receive notice if there is a suspicious login attempt." The nightmarish experience of a friend whose password was stolen demonstrates "the extra time it takes to secure your accounts is definitely worthwhile."
For those who record their passwords in an Excel spreadsheet or document on their computer, be aware that a hacker will review ALL your files, so that is not a 100%-secure solution. Consider printing the list, filing the document safely and using it like a map to re-orient yourself. Additionally, Perlstein counsels against storing passwords on a given website when you login to that site. Instead, type in the password each time you visit a website that requires a password, especially websites for your financial accounts.
Many solo attorneys find password managers, such as LastPass, helpful in remembering and storing their many passwords.
Backing Up
Backing up documents and files is the best cyber-insurance. Patricia Werschulz, who practices patent and trademark law at Werschulz Patent Law uses Time Machine, a built-in feature on the Mac computer. It "automatically backs up on external hard drives. I have one at home and one in the office, so each day my hard drive is backed up in two geographically different places." Perlstein applauds backing up files daily as an ideal; if not, back-ups should be performed at least weekly, perhaps at the close of business on Friday.
Zara Watkins, with a practice writing briefs for appeals and substantive motions in state, federal and immigration cases at On Point Expertise, notes "All of my documents are uploaded to a cloud-based system immediately," which serves as an electronic back-up.
Another approach regarding back-ups, and with the feature of file-sharing, is Dropbox.com, where files are instantly and automatically backed up. In addition, users may share a link that will grant access to folders and files and designate whether the recipient may view and/or edit the document. Andrew Berks recommends Dropbox and has also used Hightail to exchange large files with others in his intellectual property, patents and litigation practice at Berks IP Law. An additional precaution is to use Dropbox in conjunction with a cloud-based back-up service, as recommended by Sean O'Rourke, Cyber Liability Consultant at Combs & Company.
Update
It's important to update the software systems and programs you use, whenever new versions come to market. Eric Sarver, who represents businesses in employment law matters at The Law Offices of Eric M. Sarver, notes "I update my security software frequently, both when prompted to by my computer/software and when my cybersecurity consultants let me know" to do so. Heyman is a bit more wary, saying "I update as soon as practicable, but I first search the Internet for reports of bugs in the updates and I wait until the update is known to be safe and secure."
Keeping Up
Cybersecurity issues can be overwhelming to an attorney with a solo practice. Werschulz takes CLEs to keep up-to-date on these issues, as does Watkins, who "regularly watches webinars, because it's important and fast-changing." Berks reads computer industry newsfeeds to train himself. He also asks the colleagues he works with to use two-factor authentication and encourages them to use appropriate password practices.
Protecting Clients
As for reminding clients of their own cybersecurity awareness, Heyman notes "I promote cybersecurity awareness through occasional newsletters and social media posts." Sarver says, "I advise my clients to be mindful of suspect files, emails with attachments from unknown senders, and other items that might be corrupted."
For Watkins, the issue in dealing with her clients is not cybersecurity, per se, but redaction of personal information. These may be included in documents and records that have already been submitted to the court and which she reviews in her appellate practice. Watkins notes, "I tell my clients that if they think there is any chance there is sensitive information (like Social Security numbers) in the documents to advise me ahead of time, so I can secure my receipt of the documents, redact them myself, and then delete traces of it from my email program. That way, I never have sensitive information on my email or cloud-based storage system."
Outside Help
External services may also provide support in cybersecurity matters. Eric Sarver has contracted with an outside consultant, Threat Condition, "to strengthen the protections I had in place."
Andrew Berks notes that the third-party billing services, such as Quickbooks and Freshbooks, invest heavily in their own security systems. A colleague "had an incident where an invoice was apparently altered in transit to change the payment instructions, and the client payment went to a fraudulent account." Relying on the secure distribution of such a vendor would have averted that outcome.
As you review your own cybersecurity practices, you may discover you are not following some of the back-up, cybersecurity training, software updates and password practices of your colleagues. Do not be discouraged. Instead, plan to make appropriate changes and improve the security of your files and your online accounts.
To end on a lighter note, consider the password practice of Charles-Eric Gordon, investigative counsel at Law Office of Charles-Eric Gordon, who has an unusual approach. Gordon uses "former addresses and phone numbers of not too-closely related family members and friends. Even if one needs a clue to remember the password, a reference to Uncle Max or Jennifer won't be easily deciphered."
October and Cybersecurity Awareness Month are about to end, yet best practices for cybersecurity clearly are a year-round concern. Start your cyber-review today.
Janet Falk is the head of Falk Communications and Research in New York. She provides media relations and marketing communications services to law firms and consultants. She may be reached at (212) 677-5770 or [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Get Your Popcorn Ready: Sanctions Regulations Involving Artwork and Media Content in a Post-'Chevron' World
11 minute read
How Businesses Can Protect Themselves Given the Influx Nature of Non-Competes
6 minute read
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
