“Are you encrypting your hard drives, are you encrypting your servers, are you encrypting your data in transit and in storage? The answer should be yes,” Catherine Sanders Reach, Director of the NCBA Center for Practice Management, told me recently.

She had just published an article in the NCBA From the Center blog about encryption. In our conversation, we touched on a lot of cybersecurity themes similar to what I recommend to lawyers.
Ethics opinions and the Rules of Professional Conduct are central to the practice of law, and there we find the common denominator with cybersecurity.

“Lawyers should look at the North Carolina State Bar Rules of Professional Conduct Rule 1.6 (Confidentiality of Information), and then read Comment 19 under ‘Acting Competently to Preserve Confidentiality,’” Reach said. “There is kind of a checklist of factors to be considered determining the reasonableness of a lawyer’s efforts to maintain that confidentiality.”

MALPRACTICE INSURANCE

When attorneys apply for malpractice insurance, many of the insurance companies now ask about the firm’s specific cybersecurity practices. The level of security depends on the firm’s practice areas. Firms that handle trust accounts call for more security than other practice areas. There are also base requirements set by statute, such as HIPAA for firms working with medical records.

“Start looking at what type of information you send and receive electronically with your clients and what information you are storing in your systems. What steps do you need to take to protect it?” said Reach.
It is logical to reason that an attorney cannot ensure confidentiality to a client if encryption is not being used. Unencrypted data exposes, at a minimum, basic Personally Identifiable Information (PII), as well as the more sensitive information that lives within an attorney’s ecosystem, which can include trade secrets, financial transactions, business mergers, etc.

DEMYSTIFYING CYBERSECURITY

Part of what I’ve learned in 36 years of experience is that cybersecurity needs to be demystified for lawyers as well as for our clients. Attorneys and their clients need to enjoy the confidentiality that is assured between them in a world that is largely online, and that ties directly into cybersecurity best practices.

“The Rules do not require impenetrable security. That’s an impossibility. And it doesn’t have to be difficult to use or be incredibly expensive,” said Reach.

Cybersecurity needs to be tailored to the needs of each firm.

With ransomware on the rise, we all know that you want to avoid having your data encrypted by bad actors who then attempt to manipulate you for payment.

Maybe I don’t need to explain all about hashing and encryption algorithms; maybe you just need to know those things exist, so that I can help you practice your own area of expertise.

“Your responsibility to try to prevent a data breach should be scary enough. Then there’s the expense, the exposure and embarrassment … then you’ve got your ethical responsibilities for confidentiality so if that’s not enough to get you to pay attention to cybersecurity I don’t know what it is,” Reach concluded, and I totally agree.

The post Cybersecurity Ethics Requirements appeared first on Attorney at Law Magazine.

Craig Petronella

Craig Petronella is the founder of Petronella Technology Group, Inc. (PTG), an internationally trusted IT cybersecurity and compliance consulting group with over 30 years’ experience helping federal contractors and businesses with cybersecurity and compliance regulations, and whose patented 22-layer systems cover your People, Processes and Technology.

Craig is an Amazon #1 Best-Selling Author of many books, including “The Ultimate Guide To CMMC”, founder of the podcast Cybersecurity and Compliance with Craig Petronella – CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001 https://petronellatech.buzzsprout.com/ and is an MIT Certified Professional in AI, Blockchain, Cybersecurity and Compliance.

Almost all of Craig’s clients are earned by referral with little or no advertising, and he is well-known and highly-regarded in professional circles throughout the US, after serving as compliance consultant and conducting onsite risk assessments for over 500 medical practices, hospitals, and business associates across the country.

Continuity of your business operations starts with cybersafety.

PTG provides Cybersecurity & Compliance Consulting Services, including:

We help defense contractors, medical practices, law firms and various regulated businesses comply with ANY regulation, including:

  • CMMC
  • DFARS
  • NIST 800-53 & 171
  • HIPAA & HITECH
  • SOX
  • All ISO & SOC levels
  • & Many More…

We serve customers across all sectors in public & private organizations. We understand that each industry and organization has unique IT challenges and our expertise enables us to help you navigate the regulatory mandates and customize a solution tailored to your needs.