EDISCOVERY | DATA PRIVACY CORNER
EDISCOVERY | DATA PRIVACY CORNER
Cybersecurity : Beware of The Weakest Link in the Chain
ROBERT W . WILKINS
There continues to be an overwhelming amount of daily news about the impact of Artificial Intelligence (“ AI ”) on our lives , and rightfully so . President Biden ’ s Executive Order concerning the safe and secure use of AI was issued on October 30 , 2023 , but by the time you are reading this in December 2023 , the misuse of AI undoubtedly will have increased .
Beware of Generative AI , But Don ’ t Overlook Existing Data Breaches Caused by Human Error
The use of generative AI has already made it easier to impersonate others , transform ordinary pictures into fake images to spread across the internet , create fraudulent emails and messages more effectively , such as AI-generated voice phishing (“ vishing ”) fraud , all of which will be harder to detect . See , 2023 ForgeRock Identity Breach
Report . Attackers already have generated “ deep fake ” AI voice cloning impersonation to cause unauthorized fund transfers .. Underground hacking communities are already using the voice and imaging analysis capabilities of ChatGPT 4.0 to generate new voice messages and images in their ever expanding tool box for fraudulent schemes .
However , let ’ s not forget that HI ( human intelligence ), or the lack thereof , ( more politely , the misuse of biases and other human attributes ) has been and remains the most prevalent cause of data breaches across all industries . Law firms are choice targets given the vast amount and type of confidential information they possess on their clients . Not surprisingly , some of the largest law firms have been targeted and successfully breached .
Third-Party Vendors Must Comply With Your Cyber Security Policies
I have previously written in the Bar Journal about the need to have an incident response plan and to make sure you meet your cyber insurance coverage requirements on an ongoing basis . See , Four Tips to Avoid Denial of Cyber Insurance Coverage for a Data Breach , April 3 , 2023 . In addition to your own cybersecurity measures , you need to make sure all of your third-party vendors have similar security measures in place — the weakest link in the chain concept .
Your third-party vendors ’ ( court reporters , forensic and eDiscovery providers , private investigators , etc ) cybersecurity practices must be compliant with your cybersecurity requirements . You should conduct a risk assessment of their data protection policies , security controls , and incident response capabilities . Inform them of your requirements and monitor and update them regularly to verify compliance with your policies . Remember , the data they have is most likely confidential and you should have a plan to secure and reclaim all of the data managed by that vendor in the event of a data breach of their systems .
Part of your evaluation must include your third-party vendor agreement and , in particular , the limitations on liability and indemnity requirements . Based on personal experience , I have refused to use certain forensic examiners for this reason . You are responsible for the breach of your clients ’ data , even if the breach occurred at the third-party vendor , and you will suffer the consequences regardless .
Takeaways
1 . While the rapid speed at which AI capabilities are advancing , human error continues to be the most prevalent cause of data breaches . 2 . Law firms are a ripe target for attackers given the amount of confidential information stored on their clients . 3 . Prepare and implement an Incident Response Plan that includes the possibility that your third-party vendors may have confidential information that is at risk . 4 . Third-party vendors can be the weakest link in the cybersecurity chain – it is your firm ’ s responsibility to evaluate a vendor ’ s capability to protect your client ’ s data and ensure they are complying with your cybersecurity requirements , including cyber insurance coverage requirements . AI is a burgeoning area of concern , but we
can ’ t neglect the problems that already exist and continue to be the main source of data breaches .
Jones Foster Shareholder Robert W . Wilkins is Chair of the Litigation & Dispute Resolution Practice Group and is Board Certified by The Florida Bar in the areas of Business Litigation and Civil Trial . Rob represents and counsels clients in complex business litigation matters , including e-discovery and data privacy issues . He serves as Co-Chair of the Data Security Subcommittee of the ABA Section of Litigation ’ s Commercial and Business Litigation Committee ( CBL ) and an active member of Working Group 11 of The Sedona Conference on Data Security and Privacy Liability .
LEADING PRACTICE MANAGEMENT SOFTWARE 10 % Discount for Bar Members
You can access your firm from anywhere — at any time — with Clio ’ s mobile app . Bring your matters , documents , notes , and calendar with you wherever you go , all on your mobile device . And , take 10 % off all Clio products with your exclusive PBCBA member discount .
Visit www . clio . com / pbcbar to learn more and use promo code PBCBAR to claim your discount .
PBCBA BAR BULLETIN 15